The  Kriens  game  Juniper  GEO  Scott  Kriens  isn't  backing  64-bit  bang  64-bit  Windows  Server  2003  blows  away 

down  from  Cisco  and  others  in  the  enterprise  network  market  PAGE  12.  32-bit  Windows  and  beats  Unix  in  special  kemeknode.  PAGE  41 . 
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AT&T  preps  service 
to  manage  threats 


■  BY  DENISE  PAPPALARDO 

AT&T  is  readying  a  threat-management  service  for 
its  largest  customers  that  is  designed  to  aggregate 
security  information  from  dozens  of  devices  and 
platforms  under  one  umbrella. 

Called  Aurora,  the  system  is  linked  to  the  carrier’s 
IP  network  and  promises  to  let  customers  more 
quickly  react  to  threats  because  information  is  pre¬ 
sented  in  a  more  coherent  fashion,  AT&T  says. 


AT&T  developed  Aurora  more  than  two  years  ago 
to  process  the  huge  amount  of  security  data  that  its 
own  global  network  produces.  Now  the  carrier  is 
preparing  to  make  the  system  available  to  cus¬ 
tomers,  with  beta  tests  having  been  initiated  at  two 
sites  last  week. 

“Aurora  is  essentially  a  huge  database  that  col¬ 
lects  firewall  and  IPS  logs,  net  flows  from  our 
routers,  information  from  our  honeypots  and  all 

See  Aurora,  page  15 


1 1  Aurora  is  essentially  a  huge  database  that  collects 
firewall  and  IPS  logs,  net  flows  from  our  routers,  information 
from  our  honeypots  and  all  sorts  of  different  networks  in 
and  around  AT&T.  9  9 


Ed  Amoroso 

Chief  information  security  officer,  AT &T 


Take  it  all*  outsourcing  on  the  wane 


■  BY  JENNIFER  MEARS  AND 
ANN  BEDNARZ 

The  messy  breakup  between 
Sears,  Roebuck  and  Co.  and  its 
service  partner  Computer 
Sciences  Corp.  this  month  sym¬ 
bolizes  a  new  outsourcing 
maxim:  Bigger  isn’t  better. 

While  the  $33  billion  U.S.  out¬ 
sourcing  market  is  expected  to 


grow  at  about  a  4%  clip  through 
2009,  the  size  of  outsourcing  deals 
is  shrinking,  according  to  IDC  and 
others.  Instead  of  entering  into 
huge,  throw-everything-over-the- 
wall  outsourcing  contracts,  such 
as  the  one  Sears  inked  with  CSC, 
corporations  are  signing  on  for 
smaller,  more  business-specific 
arrangements. 

Take  the  city  of  Chicago.  It  has 


drawn  a  clear  line  between  what 
it  will  outsource  to  its  service  pro¬ 
vider  Unisys  and  what  the  city 
keeps  in-house. 

“When  we  started,  we  went  into 
it  with  the  mind-set  that  the  city 
would  keep  functions  of  architec¬ 
ture  and  design  and  project  man¬ 
agement  of  major  projects  in- 
house,”  says  Christopher  O’Brien, 
the  city’s  CIO.  “In  terms  of  where 
the  boundaries  of  outsourcing 
begin  and  end,  that  has  remained 
fairly  constant.  It’s  not  likely  that 
we  would  do  what  some  organi¬ 
zations  have  done,  which  is  turn 
over  their  whole  IT  shop  to  an 
outsourcer!’ 

It’s  true  that  traditional,  large 
outsourcing  deals,  what  some  call 
“kitchen  sink”  outsourcing,  are 

See  Outsourcing,  page  49 


As  the  techie  crow  flies 

Citrix  co-founder  developing  'LAN  for  people.’ 

■  BY  MICHAEL  COONEY 


When  you  first  see 
the  management 
team’s  back¬ 
ground  —  past  leaders 
from  companies  such  as 
thin-client  pioneer  Citrix 
and  VoIP  vendor  Net- 
Speak  —  you  might 
think:“Here  we  go  again, 
another  network  start-up.” 

But  in  this  case, you’d 
be  flying  off  course. 

DayJet,  the  brainchild  of  Citrix  co-founder  Ed  lacobucci.is  a 
tech  company  at  heart,  but  its  focus  is  on  simplifying  air  travel 
for  business  executives  in  areas  under-served  by  major  airlines. 

See  DayJet,  page  18 


Ed  lacobucci,  CEO  of  DayJet,  is  look¬ 
ing  to  marry  two  of  his  personal  pur 
suits  -  technology  and  aviation  -  to 
create  an  on-demand  airline  service 
for  traveling  executives. 


VeriSign.  Where  it  all  comes  together; 


Billions  of  times  each  day,  the  world  interacts  with  a  company  you  may  not  realize  is  there.  One  that  is  driving  dynamic  transformations  at  the  very 
core  of  commerce  and  communications.  VeriSign.  Through  our  Intelligent  Infrastructure  Services,  we  enable  businesses  and  individuals  to  find 
connect,  secure,  and  transact  across  today's  complex  Internet,  telecom,  and  converged  networks.  We  operate  the  systems  that  manage  .com  and 
.net,  handling  14-billion  Web  and  email  look-ups  every  day.  We  run  one  of  the  largest  telecom  signaling  networks  in  the  world,  enabling  services  such 
as  cellular  roaming,  text  messaging,  caller  ID,  and  multimedia  messaging.  We  manage  network  and  user  security  for  over  3,000  global  businesses 


Where  14-billion  Web  site  look-ups  and  email  get  directed. 

Where  2.7-billion  phone  connections  get  routed. 
Where  3,000  global  enterprises  get  secured. 
Where  $100-million  in  online  commerce  gets  transacted. 

Every  day. 


©2005  VeriSign,  Inc.  All  rights  reserved.  VeriSign,  the  VeriSign  logo,  "Where  it  ail  comes  together,"  and  other  trademarks,  service  marks,  and  designs  are  registered  or  unregistered  trademarks  of  VeriSign  and  its  subsidiaries  in  the  United  States  and  in  foreign  countries. 
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and  400.000  Web  sites.  And  we  handle  over  30  percent  of  all  e-commerce  transactions  in  North  America,  processing  $100-mit)ion  in  daijy  ■:"£.■? * 

As  next-generation  networks  emerge  and  converge,  VeriSign  will  be  there,  deploying  the  Intelligent  Infrastructure  Services  necessar# fdfV 
everything  from  RFID-enabled  supply  chains  to  inter-enterprise  VoIP  to  mobile  and  rich  media  content  distribution.  Whether  yoy’re  a. telecom, 
carrier  looking  to  rapidly  deploy  new  services;  a  Fortune  500  enterprise  needing  comprehensive,  proactive  security  services;  or  an  e-commerce:  •■WawafiB 
leader  wanting  to  securely  process  payments  and  reduce  fraud,  we  can  help  We're  VeriSign.  Where  it  all  comes  together".'  . .  '  > 
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www.VeriSign.com 

Download  now:  free  white  paper  on  Intelligent  Infrastructure  Services 


MEANS  MORE  POWER 
MORE  AFFORDABLY 


ProCurve  Networking  by  HP  offers  a  range  of  affordable 
gigabit-enabled  switches  that  is  second  to  none.  That 
means  you  can  get  better  performance  from  your  network 
along  with  better  performance  from  your  networking 


dollars.  Downloads  that  used  to  take  minutes  can  now  be 
done  in  seconds.  And  you  can  do  it  for  cents.  Not  dollars. 
That’s  high-availability  gigabit  performance  at  the  edge — 


not  just  the  core  of  your  network.  What’s  more, 
ProCurve  gigabit-enabled  switches  are  backed  by 
a  lifetime  warranty* — perhaps  the  best  in  the  industry. 


More  affordability.  More  choice.  More  productivity. 


♦Lifetime  warranty  applies  to  all  ProCurve  Products,  excluding  the  ProCurve  routing  switch  9300m  Series  and  Secure  Access  700w!  Series,  which  have  a  one-year  warranty  with  extensions  available.  ©2004  Hewlett-Packard  Development  Company,  L.R 


8  Veritas,  others  launch  continuous  data  protection. 


NetworkWorld 


■  8  FullArmor,  DesktopStandard  give  boost  to  Microsoft  tools. 

■  8  Cisco  snaps  up  bandwidth  optimizer  FineGround. 

■  10  HP  continues  move  toward  Itanium. 

■  10  Big-business  technologists  talk  up  Linux. 

■  12  Enigmatec  tackles  data  center  automation. 

■  12  Peeking  into  Juniper’s  future. 


Features 

WOPSt_CaSG  scenario!  It's  one  thing  to  get  hit  with 
the  Slammer  worm,  it's  quite  another  to  find  yourself  in  the 
slammer  for  violating  federal  regulations  such  as  HIPAA  or 
Sarbanes-Oxley.  According  to  experts,  it's  unlikely  that  an  IT 
pro  would  face  criminal  charges  for  a  serious  violation,  but 
it's  certainly  not  impossible.  PAGE  38. 

Check  Point's  VPN-1  Edge  W  security  gateway 
adds  wireless  support.  PAGE  40. 

Microsoft's  64-bit  version  of  Windows  Server 
2003  adds  performance  punch.  PAGE  41. 
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■  15  Server  sales  show  modest  growth. 

■  18  After  theft,  Bank  of  America  tightens  online  security. 
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■  19  IBM  tool  bolsters  company 
privacy. 


■  33  FAIS  spurs  storage 
applications. 


■  19  Accton  to  launch  WLAN  mesh 
products. 

■  20  Firefox  users  snap  up 
anti-phishing  toolbar. 

■  20  Vendor  stretches  its  ID 
management  suite. 

Enterprise 

Computing 

■  23  Stolen  laptop  puts  MCI  data 
at  risk. 

■  23  Dave  Kearns:  ID  mgmt 
without  all  the  complexity. 

■  24  Special  Focus: 

Microsoft  seeks  to  get  servers  in 
sync. 

Application 

Services 

■  25  Network  tools  take  on 
security  roles. 

■  25  Study:  Linux  sales  inch 
Oracle  closer  to  IBM. 

■  28  Scott  Bradner:  An 

inherent  conflict  of  interest. 


■  33  Steve  Blass:  Ask  Dr. 

Internet. 

■  34  Mark  Gibbs: 

751,075,200  seconds  after  the  PC 
launch. 

■  34  Keith  Shaw:  Cool  tools, 
gizmos  and  other  neat  stuff. 

Net.Worker 

■  35  Microsoft  targets  CPAs  with 
application. 

■  35  James  Gaskin:  Sage 
entrenched  in  reseller  market. 

Opinions 

■  36  On  Technology: 

Become  an  Enterprise  All-Star. 

■  37  Nick  Lippis:  Cisco  gets 
proactive. 

■  37  James  Kobielus: 

Microsoft's  ill-conceived  ID  plan. 

■  50  BackSpin:  Shameful 
engineering. 

■  50  'Net  Buzz:  Is  WeatherBug 
a  nuisance  or  a  business  tool? 


Breaking  News  Go  online  for  breaking  news  every  day.  DocFinder:  1001 


Available  only  on 
NetworkWorld.com 

Forum:  Windows  as  a  national 
security  risk 

Columnist  Winn  Schwartau  discusses  why  he  now  thinks  "the 
WinTel  platform  represents  the  greatest  violation  of  the  basic 
tenets  of  information  security  and  has  become  a  national  econom¬ 
ic  security  risk.”  Mac  and  Windows  supporters  flood  the  forum. 
Read  their  reactions  and  add  your  own.  DocFinder:  7344 

Forum:  Tiger  and  iPhoto 

BackSpin  columnist  Mark  Gibbs  discovers  iPhoto  on  his  new  Mac 
can’t  handle  15,000  photos:  "And  I  thought  Mac  applications  were 
generally  considered  to  be  better  than  Windows  applications. 
Evidently  this  is  not  the  case.”  Your  reaction?  DocFinder: 
7345 

Network  World  Radio:  Get  ready  for  IPv6 

With  the  proliferation  of  Internet-connected  devices  continuing, 
we’re  quickly  running  out  of  usable  address  space  for  all  things 
networked.  IPv6,  a  new  addressing  scheme  that's  been  around 
for  a  while,  might  finally  be  taking  hold,  providing  much-needed 
relief  to  an  overburdened  ‘Net.  Karl  Siil,  chief  architect  at  Lumeta, 
a  provider  of  network  intelligence  tools,  joins  us  to  discuss  IPv6, 
its  benefits  and  challenges.  DocFinder:  7346 


Online  help  and  advice 

Nutter’s  Help  Desk 

When  wireless  connections  go  bad 

Help  Desk  guru  Ron  Nutter  offers  suggestions  to  a  reader  who  asks: 
“I  have  had  so  much  trouble  with  my  wireless  hookup  that  I  am  about 
to  junk  it.  I  will  get  it  working,  and  it  is  OK  for  a  week  or  so,  then 
overnight  it  stops  working.  When  I  try  to  get  it  operating  again,  I 
sometimes  have  a  lot  of  trouble.  Could  it  be  a  defective  router?" 
DocFinder:  7347 

Home  LAN  Adventures 

The  latest  home  network  equipment  predictions 
Columnist  Keith  Shaw  looks  at  predictions  on  the  growth  of  home  net¬ 
works  and  the  struggle  of  consumer  SOHO  wireless  LAN  vendors. 

DocFinder:  7348 

Multimedia  Exchange 

How  to  embed  Google  Maps 

Network  World  Multimedia  Editor  Jason  Meserve  writes:  “Google  Maps 
have  become  all  the  rage,  with  sites  like  Cheap  Gas  and 
HousingMaps.com  taking  advantage  of  the  service  to  offer  innovative 
ways  to  find  things.  Now  you  too  can  embed  Google  Maps  into  your 
Web-based  application  with  this  how-to."  DocFinder  7349 
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Service  Providers 

■  29  Qwest  adds  breadth  to  iQ 
WAN  services. 

■  29  Sprint  offering  wireless 
customers  location  services. 

■  29  Johna  Till  Johnson: 

Keeping  up  with  privacy  in  the 
information  age. 


Management 

Strategies 

■  45  Security  best  practices: 
Network  protection  requires  striking 
the  right  balance  between  risk  and 
cost. 
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Network  Life.  Spotlight  on  home  network 
security 

Keeping  home  nets  free  from  viruses,  bugs,  spyware  and  worms 
isn't  easy.  The  latest  edition  of  Network  Life  offers  strategies  on 
securing  your  home  network,  10  ways  to  stop  spyware,  tests  of  a 
WLAN  security  system,  a  WLAN  extender  and  much  more. 

DocFinder:  6451 


Free  e-mail 
newsletters 

Sign  up  for  any  of  more 
than  50  newsletters  on 
key  network  topics. 

DocFinder  1002 


Too  much  security 

Executive  Online  Editor  Adam  Gaffin  looks  at  the  plight  of  Scott,  who 
“buys  a  new  HP  desktop  with  Norton  Internet  Security  installed.  But 
then  he  discovers  it's  been  configured  to  not  connect  to  his  home 
network's  workgroup.  He’s  forced  to  call  in  a  tech  who  promptly  tells 
him  the  only  answer  is  to  uninstall  the  Norton." 

DocFinder:  7350 

Seminars  and  Events 

IT  Strategies  for  Small  to  Midsized  Businesses:  A  Practical  Blueprint 
for  Smart  Growth 

A  new  Technology  Tour  Event  and  Expo  packed  with  the  practical  guki 
ance  you  need  to  create  an  IT  strategy  that  saves  wasted  expenditures 
and  your  sanity.  Six  hours  that  could  put  tens  of  thousands  of  dollars 
back  to  work  elsewhere  in  your  business.  Want  in?  Qualify  and  you  can 
attend  free.  DocFinder:  7351 
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House  passes  anti-spyware  bills 

■  The  U.S.  House  of  Representatives  last  week  passed  two  pieces  of 
legislation  aimed  at  getting  tough  on  anyone  who  uses  spyware  to 
commit  a  crime.The  House  voted  to  establish  a  fine  of  up  to  $3  mil¬ 
lion  and  jail  sentences  of  up  to  two  years  for  those  engaging  in  cer¬ 
tain  types  of  activities  that  involve  use  of  spyware  to  steal  credit 
card  numbers  and  commit  other  crimes.  The  bills  also  prohibit 
practices  such  as  restarting  the  page  on  a  users  browser,  logging 
keystrokes  to  capture  passwords  and  other  sensitive  data,  or  launch¬ 
ing  pop-up  ads  that  can’t  be  closed  without  shutting  down  a  com¬ 
puter.  The  legislation  awaits  action  in  the  Senate. 

CIA  stages  mqjor  cyberterrorism  drill 

■  The  CIA  last  week  held  a  top-secret,  three-day  war  exercise  called  Silent  Horizon 
designed  to  test  the  nation’s  ability  to  respond  to  a  cyberterrorism  barrage  of  the  same 
scope  as  the  Sept.  1 1  terrorist  attacks,  according  to  sources  who  spoke  to  the  Associated 
Press  on  the  condition  that  their  names  not  be  revealed.The  exercise  was  set  five  years  in 
the  future  and  featured  an  attack  by  a  fictional  alliance  of  organizations,  including  hack¬ 
ers.  The  ClAs  little-known  Information  Operations  Center,  which  evaluates  threats  to  U.S. 
computer  systems  from  foreign  governments,  criminal  organizations  and  hackers,  was  run¬ 
ning  the  war  game.  About  75  people  gathered  in  conference  rooms  and  reacted  to  signs 
of  mock  computer  attacks. 

Qwest  concedes  MCI  quest  finally  over 

■  Qwest  has  abandoned  its  pursuit  of  MCI,  Qwest  CEO  Richard  Notebaert  told  share¬ 
holders  last  week.  The  concession  appears  to  end  a  bidding  war  between  Qwest  and 
Verizon,  which  on  May  2  announced  it  would  acquire  MCI  for  at  least  $26  per  share.  As 
with  several  earlier  bids,  MCI’s  board  preferred  Verizon’s  to  a  $30-per-share  offer  from 
Qwest,  in  part  because  of  Verizon’s  perceived  greater  financial  stability  The  company  said 
in  a  statement  that  it  was  no  longer  in  its  best  interests  to  pursue  the  global  long-distance 
and  data  carrier.  However,  some  large  MCI  shareholders  have  expressed  disappointment 
with  the  Verizon  deal.  Notebaert  was  unequivocal  in  his  comments.  Qwest  believes  it 
could  have  created  more  value  for  MCI  shareholders,  “but  it  became  more  and  more 
apparent  ...that  there  really  wasn’t  an  effort  to  negotiate  in  good  faith.And  so, we  did  what 
we  always  do.  After  an  extraordinary  effort  by  scores  of  Qwest  people,  we  stayed  with  our 
disciplined  approach  and  we  halted  our  efforts,”  he  said. 


“I  knew  her  ego  was  getting  out  of 
control  when  she  designed  this 
new  chip,  but  this  is  ridiculous.” 


Robert  Currie  of  Washougal, 

Wash,,  deserves  a  swelled  head  for  providing  the  above  and  win¬ 
ning  this  week's  contest.  Gheck  in  every  Monday  for  the  start  of  a 
new  contest. 
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Putting  zombies  in 

their  place.  The  Federal 
Trade  Commission  in  conjunction 
with  regulatory  bodies  in  about  30 


countries  is  about  to  launch  an 


education  campaign  directed  at  ISPs 
to  help  stomp  out  so-called 
"zombies."  Attackers  use 
malicious  software 
distributed  over  the 
Internet  to  gain  control  of 
unsecured  PCs  and 
servers,  turning  them  into 
zombies  used  to  launch  denial-of-service 
attacks  or  send  spam.  "I've  seen  estimates  that 
anywhere  from  80%  to  90%  of  the  spam  out  there  is  processed 
through  [zombie  networks],"  says  Don  Blumenthal,  Internet  lab  coordinator  at  the 
FTC.  "It  is  certainly  a  critical  problem." 


0  \  Instant  scams.  Users  of  instant-messaging  applications  from  Yahoo 
and  AOL  last  week  were  being  warned  of  two  new  threats  spreading  via  IM.  The 
first  is  a  worm  targeting  AOL’s  Instant  Messenger  software  that  could  potentially 
allow  an  attacker  to  gain  control  of  a  user's  system,  according  to  security  researchers. 
The  other  is  a  phishing  scam  propagated  through  Yahoo  Messenger  that  tries  to 
|  lure  users  into  revealing  their  Yahoo  credentials. 


®  IPv6  rage.  As  countries  such  as  China  and  Japan  embrace  IPv6,  the  U.S. 
is  in  danger  of  losing  its  technology  leadership,  says  Alex  Lightman,  chairman  of 
the  Coalition  Summit  for  IPv6.  Lightman  called  on  the  U.S.  Congress  to  mandate 
IPv6  adoption  among  federal  agencies  as  a  step  toward  countrywide  adoption.  "The 
U.S.  government  is  being  very  stupid  about  doing  IPv6,  and  it’s  going  to  put  us  at 
a  disadvantage,"  he  says. 


European  lawmakers  balk  at  security  measure 

■  European  lawmakers  have  rejected  legislation  designed  to  fight  terrorism  that  would 
force  telephone  operators  and  ISPs  to  store  sensitive  call  data  for  up  to  three  years. 
Members  of  the  European  Parliament’s  civil  liberties  committee  last  week  voted  to 
approve  a  report  that  rejected  the  plans  for  data  retention  rules  as  “disproportionate  and 
ineffective.” The  member  of  Parliament  who  drafted  the  report,  Alexander  Alvaro,  said  the 
data-retention  proposal  does  “not  comply  with  the  fundamental  principle  of  the  pre¬ 
sumption  of  innocence.”  He  added  that  to  date  there  was  “no  evidence  that  the  informa¬ 
tion  being  collected  would  give  legal  authorities  an  advantage  in  the  fight  against  terror¬ 
ism.”  Under  the  proposal,  drafted  by  the  U.K.,  Ireland,  Sweden  and  France,  operators  would 
have  to  keep  for  at  least  12  months  all  data  containing  the  source,  routing,  destination, 
time,  date  and  duration  of  communications,  as  well  as  the  location  of  the  telecom  device 
used  in  making  the  call.The  rules  would  apply  to  providers  of  fixed-line  services,  mobile- 
phone  short,  messaging  service  operators  and  ISPs,  including  VoIP  providers. 

AT&T  loses  $1  billion  Treasury  deal 

■The  Department  of  the  Treasury  last  week  canceled  a  10-year,  $1  billion  telecom  services 
deal  with  AT&T.The  move  had  been  expected  by  AT&T  competitors,  whose  protests  against 
the  award  were  upheld  by  the  Government  Accountability  Office  (GAO).  Last  December, 
AT&T  Government  Solutions  won  the  Treasury  Communications  Enterprise  (TCE)  deal  to 
build  a  secure,  high-speed  IP  VPN  to  handle  the  Treasury  Department’s  voice,  video  and 
data  traffic.  Protests  were  filed  by  rival  bidders,  including  Broadwing  and  MCI.  In  March,  the 
GAO  recommended  the  Treasury  Department  reopen  negotiations  with  all  bidders.  The 
department  now  says  it  will  purchase  telecommunications  services  through  current  con¬ 
tracts  held  by  the  General  Services  Administration.The  TCE  contract  would  have  provided 
telecom  services  and  support  to  more  than  1 ,000  domestic  locations  and  tens  of  thousands 
of  agency  users  in  the  U.S.  and  overseas. 


AN  GAIDRY 


NetScaler  makes 

any  application 

run  up  to 

5  times  faster 

for  anyone,  anywhere. 


©  2005  NetScaler,  Inc.  All  trademarks  are  the  properties  of  their  respective  owners. 


net) 


.  -ri-  - 

■  ■  VivViV 

f  .  y  :  -V '  1 

I 

■  -v,. 

.•V<  •  : 

■ 


Every  day,  leading  Global  2000 
including  the  five  largest  e-businesses  in  the 


world,  rely  on  NetScaler  to  dramatically  accel¬ 
erate  application  performance.  All  without 
adding  servers,  bandwidth,  or  consultants. 
Perhaps  that’s  why 


#1  in  Customer  Satisfaction* 


NetScaler  is  rated  #1 
in  customer  satisfac¬ 
tion  among  Layer  4-7 
networking  vendors. 
See  what  NetScaler 
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NetScaler  Cisco 


* Percent  of  customers  who  gave 
can  do  for  you  at  vendor  5-out-of-5  rating  for 


overall  customer  satisfaction. 
WWW. netscaler.com/5x  Frost  &  Sullivan,  May  2005. 
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Continuous  backup  steals  the  spotlight 


■  BY  DEN! CONNOR 

CHICAGO  —  Continuous  data 
protection,  the  new  darling  of 
the  storage  market,  got  lots  of 
play  at  last  week’s  Storage 
Decisions  conference. 

A  host  of  vendors,  including 
FalconStor  and  Veritas,  an¬ 
nounced  products  falling  into 
this  category  The  back-up  and  re¬ 
covery  technology  also  known  as 
CDP  continuously  saves  data  to 
disk  so  that  information  can  be 


recovered  from  any  point  in  time, 
even  minutes  ago. 

“CDP  is  like  insurance, "said  Brad 
O’Neill,  senior  analyst  for  Taneja 
Group.“Customers  have  built  huge 
production  environments  that  all 
the  company’s  assets  are  riding 
on.  Even  though  it  is  expensive  to 
protect,  you  have  to  ensure  that 
the  asset  is  protected.” 

Veritas  aired  software,  code- 
named  Panther,  for  recovering 
files  and  data  adhering  to  Micro¬ 
soft’s  Common  Internet  File 


System  format.  Like  Microsoft’s  re¬ 
cently  announced  Data  Pro¬ 
tection  Manager,  the  Veritas  soft¬ 
ware  is  designed  to  help  end 
users  find  lost  data  without  the 
assistance  of  IT  staff. 

Future  versions  will  support 
backup  and  recovery  of  e-mail 
and  database  files,  Veritas  says. 
The  company  has  no  plans  to 
protect  Unix  or  Linux  Network 
File  System  data.  Further,  Panther 
will  work  only  on  Windows  2003 
Server  networks  that  use  Micro- 


Vendors  give  boost  to 
Microsoft  management  tools 


Policy  providers 


In  coming  weeks,  vendors  will  release  software  that 
extends  the  group  policy  features  of  Microsoft’s  Active 
Directory.  Group  policy  supports  centralized 
management  of  servers  and  desktops. 


Vendor 

FullArmor 


DesktopStandard 


Highlight 

IntelliPolicy  j  Provides  ability  to  restrict 
for  Clients  i  administrative  rights  that  end 
users  have  on  their  desktops. 

GPOVault  Change  control  extension. 


■  BY  JOHN  FONTANA 

Two  management  vendors  are 
readying  extensions  for  Micro¬ 
soft’s  group  policy  technology 
designed  to  help  corporations 
lock  down  their  desktops  and 
improve  operations  for  securing 
servers  and  PCs. 

FullArmor  this  week  is  releas¬ 
ing  its  IntelliPolicy  for  Clients  1.5, 
which  includes  controls  that  let 
customers  limit  local  administra¬ 
tive  rights  that  end  users  have  on 
their  own  desktops.  Those  rights 
are  seen  as  a  security  risk  in  the  face  of  malware 
and  worms  because  they  provide  the  ability  to 
control  anything  on  the  desktop,  including  chang¬ 
ing  registry  settings  and  installing  software. 

In  early  June,  DesktopStandard  plans  to  release 
GPOVault,  a  repository  where  group  policy  objects 
can  be  edited  and  tested  before  being  deployed. 
Users  also  can  delegate  rights  to  edit  certain  poli¬ 
cies  to  specific  administrators. 

Both  tools  plug  directly  into  the  Group  Policy 
Management  Console  provided  with  Active 
Directory. 

Microsoft’s  group  policy  technology,  which  is 
supported  on  Windows  2000,  XP  and  Windows 
Server  2003,  works  in  conjunction  with  Active 
Directory  and  allows  administrators  to  manage, 
customize  and  lock  down  desktop  and  server  set¬ 
tings  based  on  a  set  of  policies  maintained  in  the 
directory.  The  policies,  for  example,  can  prevent 
users  from  changing  settings  and  can  disable  ser¬ 
vices  such  as  USB  ports  to  prevent  use  of  remov¬ 
able  storage  devices. 

“Group  policy  is  very  significant,  and  more  than 
80%  of  Windows  2000  users  are  using  it,”  says 
William  Hurley,  senior  analyst  at  Enterprise 
Strategy  Group.  “The  goal  is  to  use  policy-based 
management  to  normalize  and  standardize  the 
environment  and  create  a  more  secure  network 
from  a  management  perspective.  It’s  an  awfully 
powerful  tool.” 

FullArmor  says  it  hopes  to  boost  that  power 
with  IntelliPolicy  for  Clients  1.5,  which  lets  IT  staff 


activate  local  administrative  rights  on  desktops  on 
an  application-by-application  basis.  In  addition, 
the  tool  lets  administrators  proactively  block  those 
rights  for  certain  applications  such  as  Microsoft 
Outlook,  especially  on  the  desktops  of  users  that 
need  local  administrative  rights  activated,  such  as 
IT  staff. 

IntelliPolicy  for  Clients  also  has  features  for  locking 
down  settings  in  Outlook  and  for  automatically 
changing  local  administrator  passwords  across  a 
network  at  defined  intervals.The  software  is  priced 
at  $7  per  user. 

DesktopStandard  is  adding  to  group  policy  fea¬ 
tures  with  its  GPOVault,  a  repository  for  group  pol¬ 
icy  objects  (GPO),  which  are  collections  of  rules 
that  can  be  universally  applied. 

GPOVault  lets  users  control  the  creation,  modifi¬ 
cation  and  deletion  of  GPOs;  delegate  responsi¬ 
bility  for  GPOs  to  specific  administrators;  assign 
users  roles  such  as  editing,  review  and  approval, 
and  audit  all  activity.  GPOVault  also  lets  users 
recover  a  deleted  GPO,  repair  live  GPOs  and  roll 
back  any  changes. 

DesktopStandard  now  offers  a  free  version  of 
GPOVault,  but  the  company  doesn’t  recommend  it 
for  corporate  deployment.  Later  this  year,  the  com¬ 
pany  will  release  a  client/server  version  that  will 
include  a  proxy  to  enforce  security  on  GPOVault, 
including  approval  of  any  delegation  right 
changes  or  check-in/checkout  of  GPOs. 

The  client/server  version  of  GPOVault  is  priced 
at  $1,400  per  server.* 


soft’s  Volume  Shadow  Copy  Ser¬ 
vices,  which  creates  point-in-time 
snapshots  of  data. 

The  current  software  is  in  beta 
testing,  with  a  final  product  ex¬ 
pected  to  ship  by  year-end. 

Meanwhile,  FalconStor  an¬ 
nounced  that  its  Virtual  Tape 
Library  (VTL)  software  now  will 
include  support  for  CDP  prod¬ 
ucts, as  well  as  traditional  back-up 
software  from  Veritas,  Legato  and 
IBM/Tivoli.  FalconStor’s  VTL  tech¬ 
nology,  which  is  the  basis  for 
EMC’s  Clariion  Disk  Library  and 
Copan  System’s  Revolution  200T, 
is  priced  starting  at  $25,000. 

Revivio,  a  start-up  in  the  CDP 
market,  said  it  has  begun  ship¬ 
ping  a  version  of  its  CPS  1200 
that  enables  end  users  to  recover 
Microsoft  Exchange  e-mails  with¬ 
out  calling  on  IT  staff.  Pricing 
was  not  available. 

Also  at  the  show  Softek  an¬ 
nounced  enhancements  to  its 
Disaster  Recovery  Manager  and 
Replicator  products.  The  compa¬ 
ny  says  users  of  its  disaster-recov¬ 


ery  software  now  can  confirm 
that  files  are  protected  and  recov¬ 
erable,  while  users  of  its  replica¬ 
tion  software  can  ensure  remote 
data  copying  is  taking  place  even 
if  an  application  fails  over  to 
another  node  in  a  cluster.  Disaster 
Recovery  Manager,  which  is 
priced  starting  at  $30,000,  is  for 
Z/OS  and  OS/390  mainframe  en¬ 
vironments;  Softek  Replicator 
works  with  Windows  and  is  com¬ 
patible  with  Microsoft  Cluster 
Services.  It  starts  at  $2,500.® 


More  online! 

Find  out  what  early  adopters  of  this  back¬ 
up  and  recovery  technology  had  to  say  in 
these  recent  stories: 

DocFinder.  7342, 7343 


Cisco  snaps  up 
bandwidth  optimizer 

■  BY  PHIL  HOCHMUTH  AND  JIM  DUFFY 

Cisco  last  week  said  it  plans  to  acquire  privately  held  FineGround 
Networks,  a  maker  of  application  acceleration  and  bandwidth  opti¬ 
mization  appliances,  for  $70  million. 

FineGround’s  appliances  are  designed  to  accelerate,  secure  and 
monitor  application  delivery  while  minimizing  bandwidth  usage  in 
data  centers.  Cisco  plans  to  integrate  the  company’s  technology  in 
its  routing  and  switching  products  to  provide  secure  and  optimized 
delivery  of  Web-based  applications. 

Application  acceleration  and  bandwidth  optimization  has  been 
a  hot  area  of  late.  Cisco  rival  Juniper  Networks  recently  announced 
plans  to  acquire  Peribit  Networks  and  Redline  Networks,  two  mak¬ 
ers  of  acceleration  and  optimization  products,  for  a  combined 
$469  million. 

FineGround’s  patented  technology  decreases  latency  and  offloads 
processing  from  servers  across  the  network,  Cisco  says.  The  appli¬ 
ances  improve  end  user  response  times  by  up  to  five  times,  reduce 
application  bandwidth  usage  by  up  to  90%,  and  slash  the  load  on 
servers  by  up  to  90%,  Cisco  says. 

The  appliances  also  incorporate  application  firewall  functions  to 
let  organizations  secure  and  mitigate  the  risk  of  Web-enabled  busi¬ 
ness  transactions,  Cisco  says. 

Under  the  terms  of  the  agreement,  Cisco  will  pay  approximately 
$70  million  in  cash  and  options.  The  acquisition  is  expected  to 
close  in  the  fourth  quarter  of  Cisco’s  fiscal  year  2005,  which  ends 
July  30. 

FineGround  will  become  part  of  Cisco’s  Security  Technology 
Group, and  CEO  Nat  Kausik  will  continue  to  manage  operations.The 
company  was  founded  in  June  2000  and  has  42  employees. 

With  FineGround  being  its  fifth  acquisition  this  year,  Cisco  is  on 
its  busiest  pace  since  2000,  when  it  ended  the  year  with  23 
buyouts.® 
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siP  continues  move  toward  Itanium 

Lxpected  announcements  could  give  customers  more  standards-based  tools  to  use  in  a  data  center. 


End  of  the  line:  HP's  Unix  servers  get  their  last  PA-RISC  boost,  with  double 
the  cache  and  a  slight  jump  in  clock  speed,  before  the  systems  transition 
to  the  Itanium  processor. 


■  BY  JENNIFER  MEARS 

HP  this  week  is  expected  to  an¬ 
nounce  the  final  update  to  its  PA- 
RISC  processor  and  unveil  its  first 
Itanium-based  NonStop  system  as 
the  company  moves  closer  to 
completing  its  transition  to  an 
Intel-only  server  vendor. 

HP  executives  say  the  an¬ 
nouncements,  which  also  include 
an  update  to  Systems  Insight 
Manager  and  enhancements  to 
BladeSystem  products,  are  aimed 
at  giving  customers  more  stan¬ 
dards-based  tools  to  use  in  creat¬ 
ing  a  data  center  that  is  respon¬ 
sive  to  business  needs;  what  HP 
calls  its  Adaptive  Enterprise.  The 
news  is  expected  to  be  an¬ 
nounced  this  week  at  the  Ensa@- 
Work  —  HP  Enterprise  Forum  in 
Copenhagen. 

The  new  PA-RISC  chip,  the  PA- 
8900,  will  include  a  64M-byte 
Level  2  cache,  twice  the  size  of 
the  cache  of  its  predecessor,  the 
PA-8800.  But  it  will  run  at  a  slight¬ 
ly  faster  clock  speed  —  1.1  GHz, 
as  compared  with  1  GHz  for  the 
PA-8800,  says  John  Miller,  director 
of  portfolio  marketing  for  enter¬ 
prise  storage  and  servers  at  HP 

The  new  processor,  a  dual-core 


design  like  the  PA-8800,  will  be 
available  in  the  full  line  of  HP 
9000  servers,  ranging  from  the 
dual-processor  rp3410  to  the 
Superdome,  which  comes  with 
up  to  128  processors.The  low  end 
of  the  line  will  not  see  the  clock 
speed  boost  but  will  get  the  larger 
cache  size. 

“Customers  get  the  most  bene¬ 
fits  for  low-end  workloads  from 
cache  improvement,”  Miller  says. 

Pricing  for  the  upgraded  sys¬ 
tems  will  be  similar  to  that  of 
servers  based  on  the  PA-8900,  and 
the  boxes  will  be  upgradeable  to 
Itanium,  he  says.  The  PA-RISC 
Superdome  will  be  able  to  mix 
and  match  RISC  and  Itanium 
chips. 

The  idea  is  to  give  customers  a 
smooth  migration  path  to  the 
Itanium  platform,  Miller  says.  HP 
plans  to  offer  PA-RISC-based 
servers  through  2008  and  support 
the  systems  through  2013. 

That’s  the  same  timeline  for 
availability  and  support  of  HP’s 
fault-tolerant,  MIPS-based  Non- 
Stop  servers.  HP  is  expected  to  an¬ 
nounce  that  its  first  Itanium- 
based  NonStop  systems  will  ship 
by  the  end  of  July 

The  servers,  which  scale  from 


four  to  more  than  4,000  proces¬ 
sors,  will  include  new  application- 
virtualization  features  and  offer 
triple  modular  redundancy  to 
improve  uptime  to  seven  nines, 
the  company  says.  Pricing  for  the 
systems  ranges  from  $400,000  to 
several  million  dollars. 

Customers  are  hesitant 

While  HP’s  customers  have 
been  hesitant  about  the  move  to 
Itanium,  interest  has  picked  up  re¬ 
cently  Sales  of  Integrity  servers  in 
the  three  months  ended  April  30 
were  up  37%,  year  over  year,  the 


company  said  last  week  when  it 
reported  its  most  recent  financial 
results. 

“Our  NonStop  customers  are 
very  excited  about  this  move  [to 
Itanium]  because  they  like  the 
notion  of  an  architecture  built 
from  industry  standards  but  yet 
not  compromising  on  the  [fault- 
tolerant]  value  of  what  the  Non- 
Stop  is,”  Miller  says. 

In  an  effort  to  make  the  transi¬ 
tion  easier,  HP  is  updating  its 
Systems  Insight  Manager  software 
to  include  support  for  Integrity 
NonStop  systems  and  storage,  giv¬ 


ing  end  users  a  single  console 
view  of  their  data  centers.  The 
update,  Systems  Insight  Manager 
5.0,  is  scheduled  to  be  available  in 
August,  along  with  several  add¬ 
ons,  including  the  HP  ProLiant 
Essentials  Server  Migration  Pack, 
which  will  enable  users  to 
migrate  x86-based  systems 
between  virtual  and  physical 
environments. 

Finally,  HP  is  expanding  its 
BladeSystem  offerings  with  two 
integrated  storage  switches.  A  4G 
bit/sec  Fibre  Channel  switch  from 
Brocade  Communications  is 
priced  starting  at  just  less  than 
$11,000.  The  switch  will  support 
up  to  16  blades,  the  company 
says.  A  McData  4G  bit/sec  Fibre 
Channel  switch  is  scheduled  to 
be  available  in  June,  when  more 
details,  including  pricing,  will  be 
released. 

IDG  News  Service  correspon¬ 
dent  Robert  McMillan  contributed 
to  this  report. 

Servers 

Subscribe  to  our  free  newsletter. 
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Big-business  technologists  talk  up  Linux 


■  BY  PHIL  HOCHMUTH 

NEW  YORK  —  Several  IT  executives  at 
the  LinuxWorld  Summit  last  week  rein¬ 
forced  the  idea  that  Linux  now  has  the 
technical  brawn  and  industry  support  to 
accommodate  the  most  demanding  busi¬ 
ness  applications  in  environments  such  as 
finance,  airline  reservations  and  stock 
trading. 

Speaking  at  the  trade  show,  top  technolo¬ 
gists  from  Citigroup,  Cendant  Travel  Dis¬ 
tribution  Services,  E*Trade  Financial  and 
other  companies  shared  their  experiences 
with  Linux  in  a  corporate  environment. 

While  the  next  full-scale  LinuxWorld 
won’t  take  place  until  August  in  San  Fran¬ 
cisco,  the  smaller,  regional  LinuxWorld 
Summit  offered  East  Coast  IT  professionals 
a  chance  to  exchange  best  practices  and 
learn  about  the  latest  open  source  tech¬ 
nology  The  show  drew  more  than  a  dozen 
exhibitors,  including  IBM,  Novell,  Nokia 
and  Sybase,  and  more  than  300  IT  execu¬ 
tives,  according  to  show  organizers. 

The  promises  of  a  succesful  move  to 
Linux  —  greater  speed  and  lower  costs  — 
are  what  every  technology-dependent 


It  We  were  a  poster  child 
for  Sun.  We  had  done  every¬ 
thing  quote-unquote  right 
from  an  Internet  company 
standpoint  11 

Joshua  Levine 

CTO,  E*Trade  Financial 

business  is  after. 

“We  were  a  poster  child  for  Sun,”  said 
Joshua  Levine,  CTO  and  operations  officer 
at  E*Trade  Financial  in  New  York.  During 
the  Internet  boom,  he  said,  E*Trade  went 
on  a  rampant  server  consolidation  project, 
moving  to  some  of  the  largest  Sun  plat¬ 
forms.  “We  had  done  everything  quote- 
unquote  right  from  an  Internet  company 
standpoint.” 

But  then  the  downturn  came,  and  the 
firm  needed  to  improve  its  margins. 

“When  you  throw  everything  up  on  a 
white  board,  you  notice  the  only  technolo¬ 


gy  pricing  that’s  been  in  a  deflationary  spi¬ 
ral  is  around  the  Intel  architecture,”  he  said. 

This  led  the  firm  to  migrate  its  Unix  appli¬ 
cations  to  Linux  to  take  advantage  of  lower- 
cost  Intel  hardware.  A  Unix-to-Linux  port 
was  viewed  as  a  simpler  jump  than  Unix-to- 
Windows.  E*Trade  built  server  platforms 
on  Linux  and  Intel  for  about  $38,000  each 
that  improved  the  performance  of  similar 
Sun  systems,  which  cost  the  firm  about 
$250,000  per  server. 

Citigroup  looked  at  Linux  as  a  way  to  get 
more  use  out  of  its  mainframe  platform  by 
running  many  Linux  virtual  servers  on  one 
IBM  box.  But  before  adopting  Linux,  the 
company  spent  months  working  out  legal 
issues  related  to  a  move  to  open  source, 
said  Aaron  Graves,  vice  president  of  tech¬ 
nology  at  the  New  York  firm,  “it  took  us 
awhile  to  understand  what  a  support  con¬ 
tract  for  open  source  means.  It  was  really  a 
different  model,”  he  said. 

Having  the  backing  of  vendors  —  in 
Citigroup’s  case,  IBM  and  SuSE  —  was  key 
for  getting  everyone  on  board  with  Linux, 
“as  opposed  to  just  working  the  raw  open 
source  code,”  he  said. 

For  Cendant  Travel  Distribution  Services, 


which  handles  back-end  airfare  calcula¬ 
tions  for  sites  such  as  Orbitz.com,  Cheap 
Tickets.com  and  United  Airlines,  reliability 
was  an  issue  when  the  company  consid¬ 
ered  a  move  from  mainframes  to  Unix,  and 
ultimately  Linux. 

“You  can  say  something  is  faster  and 
cheaper,  but  if  the  system  is  not  up,  and 
you’re  losing  business  for  every  second  it’s 
down,  no  one  really  cares,”  said  Robert 
Wiseman,  CTO  for  Cendant  Travel  Distri¬ 
bution  Services  in  New  York. 

When  the  firm  was  considering  a  Linux 
switch,  the  IT  group  and  executive  man¬ 
agement  had  to  deal  with  some  scare  tac¬ 
tics  used  by  competing  vendors.  “We  had 
vendors  coming  in  and  calling  Linux  free¬ 
ware  to  scare  our  executives,”  he  said. 

After  months  of  testing  and  work  with 
hardware  and  software  partners,  Wiseman 
created  a  data  center  based  on  distributed 
dual-processor  Intel/Linux  servers,  which 
run  the  company’s  compute-intensive,  fare- 
calculation  programs  faster  than  previous 
mainframe  or  SMP  Unix  boxes. 

He  added  that  “our  uptime  [on  Linux] 
has  been  equal”  to  the  previous  two  plat¬ 
forms.  ■ 
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Peeking  into  Juniper’s  future 


Juniper  Networks  is  one  of  the 
few  vendors  that  has  figured 
out  how  to  stand  up  to  Cisco.  In 
core  Internet  routing,  Juniper 
holds  about  a  40%  market 
share  to  Ciscos  55%.  Last  year, 
the  company  took  aim  at  Cisco 
in  enterprise  routing,  introducing 
its  J-Series  WAN  routers.  Last 
month,  Juniper  acquired  two 
traffic-acceleration  start-ups,  fuel¬ 
ing  speculation  that  it  might  be  hungry  for  even 
more  enterprise  network  technologies.  CEO  Scott 
Kriens  recently  spoke  with  Network  World  Senior 
Editor  Phil  Hochmuth  about  Juniper’s  enterprise 
network  strategy. Here's  an  edited  transcript: 

You've  successfully  challenged  Cisco  in  Internet  routing; 
what's  your  plan  for  gaining  share  in  enterprise  routing, 
where  Cisco  is  more  dominant? 

The  strategy  is  to  focus,  execute  and  build  trusted 
relationships  with  customers  for  whom  the  network  is 
critical.  It’s  exactly  the  same  way  we  grew  to  a  40% 
market  share  in  the  service  provider  business  from 
zero.  It  looked  a  lot  more  daunting  as  a  company  of 
size  zero  to  grow  to  40%  in  mission-critical  backbone 
networking. We  don’t  take  any  success  for  granted.  It’s 
going  to  be  hard  work.  But  we  have  a  formula  and 
model  that  we’re  very  comfortable  with. 

What  is  it  about  a  Juniper  enterprise  router  that  would  make 
a  Cisco  customer  want  to  switch? 

Before  devolving  into  all  the  acronyms  and  gob- 
bledygook,  it’s  this:  deep  inspection  of  traffic  at  high 
speeds. The  compromise  in  any  implementation  that 
we  compete  against,  whether  it’s  firewalls  or  routers  or 
anything  else,  is  other  products  can  look  deeply  and 
carefully  at  the  traffic  flow,  as  long  as  it’s  going  slow 
enough.  Or  they  whip  it  through  fast  enough  to  meet 
the  requirement,  as  long  as  they  don’t  look  very  close. 
But  of  course  the  problem  is  you  have  to  look  very 
deep  —  closer  than  ever  —  inside  packets.  And  as  we 
start  to  do  things  such  as  run  video  and  live  TV  on  cell 
phones,  you  have  to  do  it  faster  than  ever. 

Regarding  your  recent  acquisitions  of  Peribit  and  RedLine, 
how  will  their  technologies  be  integrated  into  Juniper's  prod¬ 
ucts?  What's  the  value  of  these  technologies? 

This  area  of  application  performance  is  the  best-kept 
secret  in  networking.  [Their  products]  offer  a  dramatic 
improvement  in  Web  site  performance 
and  remote  access. 

Peribit  and  RedLine  weren’t  well 
known.Their  proposition  was  to  put 
their  respective  devices  in  line  and  have 
mission-critical  traffic  go  across  them. 

Their  claim  was  that  it  was  totally  trans- 
parent.There  are  now  1,300  users  of 
these  technologies,  such  as  ESPN,  ABC 
News,  Merrill  Lynch.  [Now  the  technolo¬ 
gies]  will  be  coupled  with  our  security 
portfolio  and  with  the  routing  infrastruc¬ 
ture  that  we  have  so  you  move  beyond 
just  application  performance  to  applica¬ 
tion  assurance. That’s  the  key 


There's  been  industry  conjecture  that  you  need  to  make  a 
move  into  Ethernet  LAN  switching  to  truly  be  competitive  with 
Cisco  or  Nortel  in  the  enterprise.  Is  that  in  the  works? 

No  matter  what  the  answer  to  that  question  is,  one  of 
the  crucial  requirements  is  you  have  to  interoperate 
and  complement  all  of  the  installed  base  that’s  already 
out  there. There  are  tens  of  millions  of  Ethernet  ports, 
supplied  by  lots  of  companies.  We  need  to  focus  on 
how  to  bring  solutions  to  that  installed  base,  as 
opposed  to  saying  the  only  way  to  solve  a  problem  is 
for  a  customer  to  throw  everything  out  and  only  buy 
our  equipment. 

It  doesn’t  mean  there  are  not  opportunities  to 
enhance  the  portfolio  by  whatever  means.  We  do  a  lot 
of  Ethernet  development  today  within  our  product 
line.  Ethernet  deployment  is  an  increasing  percentage 
of  the  revenue  from  our  product  portfolio.  It’s  a  more 
complex  question,  but  the  important  thing  is  to  meet 
user  requirements,  not  just  to  impose  your  gear  on  a 
forklift. 

What  else  is  missing  from  your  enterprise  product  portfolio? 

Our  main  interest  is  in  this  strategy  of  fulfilling  our 
traffic-processing  portfolio.  Below  that  are  several  tacti¬ 
cal  choices  about  how  to  do  it.  We  can  partner  and 
joint  develop  as  we  announced  with  Avaya.We  can 
market  together  with  companies;  we  have  dozens  of 
companies  with  whom  we  do  that.  We  spend  almost 
$350  million  on  our  own  R&D.  And  we  may  look  at 
acquisitions.  But  the  important  thing  is  to  make  the 
acquisition  decision  as  a  subset  of  the  strategy  And 
people  get  that  turned  around. We  will  always  look  first 
and  hardest  at  internal  development  because  that’s 
what  has  gotten  us  to  where  we  are.  We  think  we  are 
better  at  the  internal  development  of  the  kinds  of 
products  we  build  than  other  companies  of  any  size 
attempting  the  same  objectives.  Obviously  that  doesn’t 
mean  we  don’t  make  acquisitions.  But  we  make  them 
in  very  complementary  ways  to  fill  out  strategy 

Most  enterprise  Ethernet  vendors  have  complementary  wire¬ 
less  offerings.  Is  that  something  you  are  looking  at? 

It’s  just  another  access  technique.  Wireless  certainly  is 
important  to  all  of  us  running  businesses  to  access  the 
data  and  information  and  applications. . .  .We  just  re¬ 
leased  the  5GT  [wireless  firewall]  .which  has  lots  of 
wireless  security  capabilities.  Wireless  is  an  increas¬ 
ingly  important  area  and  we  have  a  lot  of  focus  on  it. 

You've  put  forth  the  idea  that  there's  underlying  dissatisfac¬ 
tion  with  today’s  network.  Where  are  you  getting  this  from? 

I’d  call  it  a  technology  industry  or  IT  challenge. There 
are  too  many  people  out  there  that 
will  say  whatever  it  takes  to  get 
elected  as  a  supplier.  In  our  discus¬ 
sions  with  CIOs,  when  they  get 
together  and  talk,  they  are  enor¬ 
mously  frustrated  by  empty  promis¬ 
es  and  unrealistic  claims  . .  .such  as 
‘we  can  do  all  things,  and  better 
and  cheaper  and  faster  than  every¬ 
one  else.’  People  who  promise  they 
can  do  this  either  don’t  understand 
the  nature  of  the  business  or  they 
think  the  person  they’re  dealing 
with  doesn’t  understand.!  don’t 
know  which  is  worse.  ■ 
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Vendor  tackles 
data  center 
automation 

■  BY  DENISE  DUBIE 

Enigmatec  this  week  is  set  to  launch  the  second 
generation  of  its  data  center  operations  software 
that  the  company  says  will  help  IT  managers  more 
quickly  identify  and  automatically  resolve  system 
performance  problems. 

The  company  is  upgrading  its  flagship  Execution 
Management  System  (EMS)  software  with  better 
agent  technology,  an  enhanced  policy-creation  tool 
and  an  operations-based  user  interface.  The  soft¬ 
ware  detects  system  failures  and  load  changes  on 
servers,  and  can  fix  problems  using  preset  policies, 
Enigmatec  says. 

EMS  2.0  uses  distributed  agents  to  monitor  perfor¬ 
mance  on  data  center  systems,  measure  actual  per¬ 
formance  against  preset  thresholds  and  take  action 
when  performance  degrades.  It  doesn’t  rely  on  a 
centralized  management  console  to  configure 
agents,  take  corrective  action  or  store  data.  IT  man¬ 
agers  install  the  agents  on  managed  systems  and 
use  a  Web  interface  to  create  policies,  configure 
agents  and  monitor  performance.  The  agents  can 
interact  in  a  peer-to-peer  networking  fashion. 

For  example,  a  new  agent  installed  on  a  server 
would  instantly  register  itself  with  the  closest  neigh¬ 
bor  agent  and  get  updated  with  the  policies  already 
configured  in  the  neighboring  agent. The  use  of  dis¬ 
tributed  agents  that  can  work  autonomously  would 
lessen  the  amount  of  management  traffic  sent  over 
a  network.  Also,  systems  administrators  could  still 
tap  into  machines  equipped  with  agents  if  there  was 
a  network  problem  because  agents  don’t  rely  on 
receiving  intelligence  or  instruction  from  a  central¬ 
ized  server. 

“By  putting  the  intelligence  in  the  agent, 
Enigmatec  is  providing  true  distributed  manage¬ 
ment  capabilities,”  says  Judith  Hurwitz,  president  of 
Hurwitz  Associates.  She  adds  that  EMS  monitors  per¬ 
formance  against  preset  service-level  thresholds, 
which  expands  the  software’s  purpose  beyond  sim¬ 
ple  systems  management  to  service  management. 

“They  are  discovering  operational  policies  across 
systems  and  can  automatically  switch  loads  to  meet 
SLAs,”she  says. 

The  privately  held  New  York  and  London-based 
company  was  founded  in  April  2001  and  has 
raised  about  $11  million  in  three  rounds  of  ven¬ 
ture  funding.  It  has  established  partnerships  with 
companies  such  as  Intel,  Sun  and  VMware,  and  is 
targeting  large  financial  services  firms  as  cus¬ 
tomers.  The  company  declined  to  disclose  cus¬ 
tomer  names. 

Enigmatec  says  its  software  will  compete  with 
offerings  from  IBM  and  HP 

EMS  2.0  is  set  to  be  generally  available  this  week. 

Pricing  is  based  per  CPU  and  typically  starts  at 
about  $50,000.  ■! 
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Aurora 

continued  from  page  1 

sorts  of  different  networks  in  and 
around  AT&T'  says  Ed  Amoroso, 
the  company’s  chief  information 
security  officer. 

While  this  is  not  the  first  threat- 
management  system,  it  is  be¬ 
lieved  to  be  the  first  from  a  glob¬ 
al  service  provider.  Other  threat- 
management  system  vendors  in¬ 
clude  ArchSight,  e-Security,  net- 
Forensics  and  Symantec.  While 
some,  such  as  Symantec,  have 
many  partners  to  provide  cus¬ 
tomers  with  network  security 
information  from  around  the 
globe,  AT&T  is  the  first  to  own  its 
own  network,  says  George 


Hamilton,  senior  research  ana¬ 
lyst  at  The  Yankee  Group.  In  gen¬ 
eral  these  vendors  provide  prod¬ 
ucts  that  customers  buy,  deploy 
and  support  themselves,  and  are 
not  part  of  a  managed  service 
offering. 

“What’s  significant  about  this 
[service]  is  that  a  major 
telecommunications  provider  is 
coming  out  with  a  managed 
security  services  offering,  in  a 
way  that  only  a  major  telecom 
provider  can,”  says  Scott 
Crawford,  senior  analyst  at 
Enterprise  Management  Asso¬ 
ciates.  “It  has  been  difficult  to 
provide  insight  to  a  distributed 
backbone  and  bring  all  of  that 
together  under  one  umbrella. 


Virsa  extends  its 
compliance  suite 

■  BY  ANN  BEDNARZ 

Virsa  Systems  is  building  out  its  suite  of  compliance  software  aimed 
at  helping  companies  monitor  and  safeguard  users’  access  to  enter¬ 
prise  systems  and  data.  The  software  maker  recently  announced  an 
upgrade  to  its  flagship  monitoring  suite,  Continuous  Compliance  Suite 
Version  4.0,  as  well  as  a  new  product  designed  to  keep  tabs  on  cross¬ 
system  business  processes. 

Companies  can  use  the  Virsa  software  to  help  them  come  into  com¬ 
pliance  with  regulatory  initiatives  such  as  the  Sarbanes-Oxley  (SOX) 
Act,  which,  among  other  things,  requires  companies  to  demonstrate 
they  have  effective  controls  in  place  to  preserve  the  integrity  of  finan¬ 
cial  reporting  systems. 

There  are  a  slew  of  IT  products  available  to  help  companies 
achieve  SOX  compliance,  from  content  management  and  business 
intelligence  to  identity  management  and  storage  products. Virsa  — 
along  with  vendors  such  as  Approva.Securelnfo  and  Applimation  — 
specializes  in  providing  users  with  secure,  auditable  access  to  enter¬ 
prise  systems.  These  products  also  enable  companies  to  watch  for 
so-called  segregation-of-duty  conflicts,  such  as  giving  a  person  the 
authority  to  create  a  vendor  in  an  ERP  system  and  cut  checks  to  ven¬ 
dors. 

Continuous  Compliance  Suite  is  beefed  up  to  include  new  tools  for 
creating  and  provisioning  user  roles  and  enhanced  dashboards  tai¬ 
lored  for  business  users.  The  software  runs  inside  an  ERP  system  and 
works  to  simulate  and  assess  the  risks  associated  with  ongoing  trans¬ 
actions.  One  of  the  modules  is  Firefighter,  which  is  specifically  aimed 
at  giving  IT  users  unconstrained  access  to  production  systems,  while 
also  providing  a  means  to  audit  that  access. 

By  embedding  the  Continuous  Compliance  software  inside  an  ERP 
system, Virsa  eliminates  the  added  steps  of  extracting  transaction  data, 
copying  it  to  another  system,  and  analyzing  transactions  after  the  fact, 
says  Doug  Laird, senior  vice  president  of  marketing. 

Virsa’s  new  product  is  called  Confident  Compliance.  It’s  geared  for 
designing  and  monitoring  the  effectiveness  of  controls  that  keep  tabs 
on  cross-enterprise  business  processes  such  as  the  steps  that  occur 
from  the  time  a  product  is  ordered  to  the  time  payment  is  received. 

Role-based  dashboards  are  linked  to  transaction  systems  and  pro¬ 
vide  real-time  visibility  into  the  status  of  process  controls  compliance 
across  the  company  Confident  Compliance  continuously  checks  for 
weaknesses  in  controls,  including  configuration  errors,  and  alerts  users 
to  potential  deficiencies. 

A  large  enterprise  rollout  of  Virsa’s  Continuous  Compliance  Suite  or 
its  Confident  Compliance  software  typically  costs  about  $200,000  to 
$300,000,  Laird  says.B 


AT&T  is  outfitted  to  handle  that 
type  of  flood  of  data.” 

Aurora  “processes  over  18  ter¬ 
abytes  of  data  a  dayT  says  Bill 
O’Hern,  director  of  information 
security  at  AT&T. “That’s  1.6  peta¬ 
bytes  of  network  traffic  —  huge 
volumes.”  The  difference  be¬ 
tween  Aurora  and  other  security 
platforms  is  its  ability  to  handle 
that  much  data  and  digest  it  into 
something  meaningful  to  net¬ 
work  administrators,  he  says. 

AT&T  might  soon  have  direct 
carrier  competition  in  this  arena 
from  MCI,  which  acquired  man¬ 
aged  security  service  provider 
NetSec  earlier  this  year.  While 
MCI  hasn’t  coupled  threat-man¬ 
agement  services  from  NetSec 
with  its  global  IP  network,  ana¬ 
lysts  agree  that  MCI  has  the  tools 
to  do  so.  Crawford  says  other  car¬ 
riers  with  a  view  into  global  IP 
backbones  will  likely  offer  simi¬ 
lar  threat-management  system 
services. 

However,  AT&T  might  still  have 
a  leg  up  with  the  largest  cus¬ 
tomers  because  it  developed  its 
system  specifically  to  handle  the 
vast  amount  of  data  it  processes 
daily  over  multiple  networks. 

“Several  years  back  we  went 
out  to  the  market  to  see  what 
was  commercially  available  to 
solve  this  enterprise  threat-man¬ 
agement  need,”  O’Hern  says.“We 
found  a  lot  of  commercially 
available  packages  but  nothing 
that  scaled  to  our  requirements. 
We  went  back  into  the  labs  and 
designed  a  threat-management 
solution  that  included  [Security 
Information  Management]  and 
net  forensic  features.” 

The  system  has  to  handle  a 
large  number  of  advisories,  ven¬ 
dor  notices  and  buggy  code,  he 
says.  Aurora  also  includes  patch 
management  tools,  vulnerabil¬ 
ity  scanning  and  situational 
awareness. 

AT&T  says  it  expects  to  sell  the 
service  to  large  businesses, 
many  of  which  are  also  Internet 
Protect  customers.  Internet 
Protect  is  AT&T’s  anti-distributed 
denial-of-service  offering  that 
debuted  in  March  2004. 

“It’s  a  nice  fit,”  O’Hern  says.“In- 
ternet  Protect  tells  you  this  activ¬ 
ity  is  spreading  across  the  Inter¬ 
net.  Aurora  gives  you  the  ability 
to  look  inside  your  own  network 
and  see  if  the  same  patterns  are 
developing  there.” 

Aurora  also  is  directly  linked  to 
AT&T’s  internally  developed 
Daytona  database.  Daytona  con¬ 
sists  of  94T  bytes  of  data  and 
houses  all  the  carrier’s  call 
records  for  the  past  two  years. 
While  Internet  Protect  notifies 


AT&T  testing  threat- 
management  system 

Aurora  combines  security 
components  under  a 
single  operational 
platform  that  includes: 


•  Security  Information 
Management  correlated 
alerting. 

•  Algorithm-based  alerting. 


Patch  management. 


Vulnerability  scanning. 


Case  management, 
mitigation,  incident 
response  and  forensics. 


Policy,  methods,  procedures 
fora  Security  Operation 
Center. 


•  Inventory  and  systems 
categorization. 

•  Device  health  and 
perfomance  reporting. 


users  that  specific  activity  is 
spreading,  the  Daytona  database 
lets  users  see  how  long  this 
activity  has  been  going  on, 
O’Hern  says. 

AT&T  says  Aurora  is  suited  for 
its  largest  enterprise  and  govern¬ 
ment  customers.  While  O’Hern 
says  AT&T  might  come  out  with 
a  “light  version”  of  the  service,  it’s 
“concentrating  on  larger,  more 
complex  networks  toda/ 

Analysts  agree  that  corporate 
appetites  for  such  services  are 
growing. 

“The  event  security  market  is 
about  a  $300  million  to  $350 
million  market  today  and  is 
expected  to  grow  to  $800  mil¬ 
lion  by  2008,”  Hamilton  says. 
“Compliance  is  really  driving 
this  market.” 

AT&T  says  it  expects  customer 
trials  to  last  at  least  45  days,  and 
does  not  have  a  time  frame  for 
when  Aurora  will  be  generally 
available.  The  company  de¬ 
clined  to  reveal  what  the  service 
will  cost. 

AT&T  is  looking  at  three  ways 
of  selling  Aurora.  For  customers 
that  just  want  to  buy  the  tech¬ 
nology,  AT&T  would  essentially 
“drop”  the  system  into  their 
security  operations  centers  and 
let  them  run  and  manage  it. The 
carrier  also  will  offer  an  option 
through  which  it  would  deploy 
and  maintain  the  platform  in 
one  of  its  data  centers,  but  the 
customer  would  manage  alerts 
through  a  portal.  The  third 
option  would  be  a  complete 
outsourcing  model.  ■ 


Server 
sales  show 
modest 
growth 

■  BY  ROBERT  MCMILLAN 

Led  by  strong  sales  from  mar¬ 
ket-leader  IBM,  worldwide  server 
sales  were  up  4%  during  the  first 
quarter  of  2005,  Gartner  reports. 

Total  server  revenue  for  the 
quarter  was  $12.33  billion,  up 
from  $11.84  billion  during  the 
first  quarter  of  2004.  IBM,  HP  and 
Dell  were  the  top-three  server 
vendors,  with  sales  of  $3.67  bil¬ 
lion,  $3.47  billion  and  $1.33  bil¬ 
lion  for  the  period,  respectively. 

With  a  16%  rise  in  sales  of  x86 
servers,  which  use  processors 
from  Intel  and  Advanced  Micro 
Devices  (AMD),  HP  shipped  the 
largest  number  of  servers.  It  deliv¬ 
ered  498,000  servers  during  the 
quarter,  followed  by  Dell  and 
IBM,  which  sold  402,000  and 
183,000  systems,  respectively. 

Sales  of  servers  with  AMD’s 
Opteron  processor  accounted 
for  5.7%  of  the  1.6-million-unit 
x86  market.This  was  a  slight  im¬ 
provement  from  the  5.4%  market 
share  Opteron  held  during  the 
previous  quarter,  but  still  far  from 
AMD’s  stated  goal  of  12%  market 
share  by  year-end. 

In  total,  92,000  Opteron  systems 
shipped  during  the  quarter,  led 
by  HRwith  just  fewer  than  12,000 
shipments,  and  Sun,  which  sold 
nearly  9,000  Opteron  servers.The 
vast  majority  of  Opteron  sales 
were  made  by  smaller  vendors. 

Intel’s  64-bit  Xeon  processor 
accounted  for  797,000  systems 
sold  during  the  quarter. 

“Opteron  is  still  a  viable  prod¬ 
uct,”  says  Joseph  Gonzalez,  a 
Gartner  analyst.  “You  can  run  a 
lot  of  your  older  applications  on 
it.  It’s  also  a  little  bit  lower-priced 
than  some  of  the  Xeon  offerings. 
It’s  not  going  to  make  a  huge 
inroad  into  Intel’s  sales,  but  it’s 
going  to  bring  in  a  lot  of  revenue 
for  AMD.” 

Sales  of  Unix  servers  were  up 
slightly  for  the  quarter,  but  IBM 
was  the  only  one  of  the  top-three 
vendors  to  see  its  Unix  business 
grow.  IBM  had  Unix  sales  of  $1.23 
billion  for  the  quarter,  followed 
by  HP  which  had  sales  of  $1.17 
billion.  Sun  saw  its  Unix  sales 
drop  from  $1.21  billion  to  $1.13 
billion, year  over  year. 

McMillan  is  a  correspondent 
with  the  IDG  News  Service. 
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DayJet  services  will  feature  the  Eclipse  500  Very  Light  Jet  aircraft,  which 
can  hit  speeds  of  about  400  mph  and  seat  four  passengers. 


DayJet 

continued  from  page  1 

“Many  techies  like  me  grew  up 
watching  NASA  moon  shots  and 
reading  Popular  Science,  and 
they  get  into  airplanes  as  a 
hobby;’ says  lacobucci,  who 
retired  from  Citrix  in  2000.“I 
wanted  to  design  airplanes  since 
I  was  little,  and  now  I  can  help 
change  a  market  that  is  in  dire 
need  of  some  big  changes.” 

Much  in  the  same  way  he 
looked  to  wring  expenses  out  of 
running  Windows  and  Unix  by 
starting  Citrix  in  1989,Iacobucci 
is  seeking  to  squeeze  the  high 
cost  of  air  travel. 

DayJet  has  raised  more  than 
$18  million  to  unite  two  leading- 
edge  technologies.The  first  is 
Very  Light  Jet  aircraft,  which  can 
fly  at  about  400  mph,  seat  four 
passengers  and  reportedly  oper¬ 
ate  at  half  the  cost  of  today’s 
small  jets.The  second  technol¬ 
ogy  has  highly  sophisticated  soft¬ 
ware  systems  to  determine  the 
most  efficient  way  to  route  those 
aircraft.The  software  is  based  on 
what’s  known  in  some  aviation 
circles  as  “the  magic  algorithm.” 

lacobucci  says  the  company 
has  had  some  20  mathemati¬ 
cians,  former  Citrix  program¬ 
mers,  demographers,  scientists 
and  market  planners  working  for 
more  than  two  years  to  develop 
the  real-time  automated  opera¬ 
tions  system.  The  system  takes 
into  account  a  raft  of  data,  from 
income  statistics  and  business 
traveler  preferences  to  prices 
and  schedules  of  local  bus  and 
train  services,  to  come  up  with  a 
sophisticated  model  showing 
how  a  traveler  would  use  the  sys- 
tem.The  package  runs  across  a 
cluster  of  20  dual-processor  3- 
GHz  Pentium  computers. 

The  software  is  the  backbone 
of  DayJet’s  service,  which  is 
something  between  a  private  jet 
charter  and  an  airline.  It  will 
cater  to  people  who  might  drive 
200  to  400  miles  for  a  business 
trip,  because  using  the  airlines 
for  that  jaunt  would  be  a  hassle, 
lacobucci  says.  In  the  Southeast 
alone  some  87%  of  business  trips 
are  by  car. 

“That’s  who  we’re  after;’  laco¬ 
bucci  says.“We’ll  support  a  mesh 
of  cities,  200  to  400  miles  apart 
with  no  hubs  and  require  no 
changeovers.” 

DayJet  ultimately  will  have  its 
own  pilots  and  Eclipse  jets  sta¬ 
tioned  across  a  grid  of  cities 
transporting  travelers.  Customers 
first  encounter  with  DayJet  will 
be  the  company’s  Web  site  or 
self-help  kiosks  at  regional  air¬ 


ports  such  as  in  Asheville, Tenn., 
or  Cincinnati.  lacobucci  says  the 
service  sites  will  basically  look 
like  car  rental  counters  with  PCs. 

Customers  will  enter  the  depar¬ 
ture/arrival  cities  that  they  want 
to  fly  between.They  then  would 
enter  dates  and  time  parameters 
such  as  “depart  no  earlier  than” 
and  “arrive  no  later  than.”  If  a 
DayJet  plane  was  available,  the 
user  would  get  a  guaranteed 
confirmation.  lacobucci  won’t 
talk  exact  fares  but  says  the  cost 
of  a  seat  should  be  a  “little  more 
than”  a  scheduled  major  airline 
fare.  A  similar  charter  seat  would 
run  $3,000  to  $4,000. 

The  key  is  that  customers  can 
call  up  and  get  a  seat  on  de¬ 
mand,  lacobucci  says.“We  are 
really  building  a  peer-to-per  LAN 
for  people,”  he  adds. 

Mixing  aviation  and  technol¬ 
ogy  comes  naturally  to 
lacobucci,  who  has  been  part  of 
the  computing  industry  for  more 
than  25  years.  Pre-Citrix, 
lacobucci  worked  for  IBM  on  a 
team  that  developed  compo¬ 
nents  of  the  company’s  stalwart 
Systems  Network  Architecture 
and  network  management  prod¬ 
uct  NetView.  He  also  oversaw 
DOS  and  OS/2  development. 

Upon  retiring  from  Citrix, 
lacobucci,  52,  says  it  became 
readily  apparent  a  life  of  leisure 
wasn’t  for  him. 

“I  didn’t  realize  how  horrible 
retirement  would  be,”  he  says. 

“The  technology  industry  isn’t 
like  it  was  in  the  early  days, 
where  it  was  like  the  Wild  West, 
so  I  really  didn’t  relish  getting 
back  into  that.” 

It  was  really  his  traveling 
around  the  country  before  he 
left  Citrix  that  inspired  him  to 
dive  into  aviation.  He  and  his 
wife  bought  a  Learjet  with  the 
idea  that  it  would  save  time  and 
get  him  from  Point  A  to  B  with  a 


minimal  amount  of  fuss. 

“We  waste  so  much  time  at 
airports  and  are  at  the  mercy  of 
airline  schedules,”  he  says.“I  just 
knew  there  had  to  be  a  better 
way’ 

So  he  turned  the  personal 
Learjet  into  a  business  — Wing- 
foot  Services,  which  now  oper¬ 
ates  two  of  the  aircraft. 

“It  is  really  a  high-end  charter 
business  for  executives,”  laco¬ 
bucci  says.  It  also  was  a  precur¬ 
sor  to  other  aviation-related  ser¬ 
vices  that  grew  into  DayJet. 

How  successful  DayJet  will  be 
remains  to  be  seen.  It  is  not 
expected  to  begin  offering  ser¬ 
vices  until  mid-2006.The  plan  is 
to  serve  35  markets  by  2007. 

“Being  able  to  harness  de¬ 
mand,  scheduling,  capacity  and 
then  to  get  the  planes  there  takes 


■  BY  ROBERT  MCMILLAN 


a  complicated  technology  that 
these  tech  people  feel  most  com¬ 
fortable  with  from  the  start,”  says 
Mark  Sixel,  president  and  owner 
of  air  service  analysis  company 
Sixel  Consulting  Group.“In  the 
past  there  haven’t  been  too 
many  smaller  aviation  outfits  that 
could  match  airplanes  with  that 
kind  of  technology  keep  it  afford¬ 
able  and  be  successful.” 

As  has  been  seen  in  recent 
years,  the  aviation  field  holds  a 
strong  draw  for  high-tech  entre- 
preneurs.There’s  the  publicity 
plus  the  bang  for  the  buck. 

Examples  include  designer 
Burt  Rutan’s  company  Scaled 
Composites,  which  built  Space- 
ShipOne.  Last  year  it  won  the  $10 
million  Ansari  X  Prize  for  getting 
a  privately  funded  craft  into 
space.  Microsoft  co-founder  Paul 
Allen  says  he  spent  more  than 
$20  million  on  the  project. 

Then  there’s  former  Microsoft 
executive  Vern  Rayburn’s  Eclipse 
Aviation,  which  is  building  the 
Eclipse  500  jets  DayJet  will  use. 

DayJet  ultimately  will  take 
delivery  of  239  Eclipse  500  jets 
with  options  to  buy  70  more, 
lacobucci  says.  Deliveries  will 
begin  shortly  after  the  Eclipse 
500  receives  Federal  Aviation 
Administration  certification, 
which  is  on  track  for  March. 

For  lacobucci,  the  lure  of  avia¬ 
tion  goes  a  step  further. 

‘Airplanes  are  as  much  works 
of  art  as  any  technology  he  says. 
“They  are  both  hand-built  and 
complicated,  and  expensive  and 
beautiful.”  ■ 
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After  theft,  bank 
tightens  online  security 


Days  after  confirming  that  information  on  approximately  60,000  cus¬ 
tomers  had  been  stolen  by  an  identity-theft  ring,  Bank  of  America  last 
Thursday  announced  plans  to  tighten  security 

Beginning  next  month,  the  Charlotte,  N.C.,  bank  will  offer  a  service 
called  SiteKey  that  will  make  it  harder  for  thieves  to  access  Bank  of 
America  accounts.  SiteKey  will  recognize  when  an  account  is  being 
accessed  via  an  unknown  computer  and  will  generate  a  predeter¬ 
mined  “challenge”  question,  adding  a  level  of  security  to  the  process  of 
logging  on.  The  software  also  lets  users  choose  a  specific  image  —  a 
photograph  of  a  dog,  for  example  —  that  then  can  be  re-shown  to  users 
to  reassure  them  that  they  are  actually  visiting  the  Bank  of  America 
Web  site,  and  not  some  other  site  masquerading  as  www.bofa.com. 

The  service  will  be  rolled  out  as  an  optional  feature  for  the  bank’s 
Tennessee  customers  next  month.  It  will  be  available  to  all  of  the 
bank’s  13.2  million  online  customers  by  October,  says  a  bank 
spokeswoman. 

Bank  of  America  was  one  of  four  banks  targeted  by  the  identity 
thieves,  who  stole  information  on  about  676,000  customers.  Police  have 
charged  10  suspects,  eight  of  whom  are  former  bank  employees. 

McMillan  is  a  correspondent  with  the  IDG  News  Sewice. 
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Keys  to  Successful  Business  Intelligence  Deployment  By  Dan  Vesse 


JL 

Vesset 


T 

hi 


IDC 

Analyze  the  Future 


he  evolution  of  information  technology  (IT)  is  continually 
producing  new  tools  for  productivity  enhancement.  Business  intel¬ 
ligence  (BI)  tools  and  applications,  for  instance,  have  undergone 
several  generations  of  improvements,  but  research  into  the  BI  mar¬ 
ket  suggests  that  considerable  productivity  can  still  be  tapped  by 
implementing  currently  available  BI  software.  The  business  need 
for  such  tools  is  more  pressing  than  ever,  and  so  is  the  challenge  to 
IT  departments  to  get  BI  implementations  right.  ► 
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The  Pillars  of  Decision- 
Process  Automation 

has  shown  that 

organizations  derive  two  primary 
benefits  from  Bl  projects:  produc¬ 
tivity  gains  and  business  process 
enhancements.  These  two  pri¬ 
mary  benefits  can  be  achieved  by 
selecting  Bl  tools  that  address  the 
following  four  major  variables  in 
decision  making,  which  in  turn 
can  lead  to  sustained  competi¬ 
tive  advantage: 


Speed 

Insight 


Accuracy 

Relevance 


Speed  and  accuracy  of 
decision  making  are  the 
primary  contributors  to 
increased  productivity.  On  the 
other  hand,  advanced  predictive 
and  descriptive  analytics,  as  man¬ 
ifested  in  the  insight  and  rele¬ 
vance  of  decision  making,  con¬ 
tribute  actively  to  business 
process  enhancements. 

Competitive  advantage  comes 
from  the  speed  and  accuracy  of 
decision  making,  as  well  as  from 
assessing  the  relevance  of  infor¬ 
mation  to  a  decision  and  from 
gaining  insight  in  seeking  and 
evaluating  possible  decision 
alternatives.  Because  many  types 
of  decisions  are  recurring  or 
repeatable  (such  as  pricing, 
extending  credit  or  allocating 
resources),  decision-making 
processes  exist  that  are  amenable 
to  automation. 

However,  decision  process 
automation  is  achievable  only 
when  all  four  variables  outlined 
above  are  used  in  software 
architectures  that  support 
decision  making. 


IDC  defines  business  intelligence  software  as  the  soft¬ 
ware  that  supports  speed,  accuracy,  relevance  and 
insight  in  decision  making.  Bl,  in  turn,  is  a  segment  of 
the  broader  business  analytics  market  that  includes 
tools  for  data  integration,  data  warehouse  manage¬ 
ment,  query  and  reporting,  data  mining,  technical 
data  analysis,  and  spatial  information  management 
as  well  as  prepackaged  applications  for  customer 
relationship  management  (CRM);  financial,  business 
performance  management;  supply  chain;  and 
operational  analytics. 

The  need  for  these  software  solu¬ 
tions  has  never  been  greater.  For 
instance,  data  published  last  year 
by  the  U.S.  Department  of  Labor 
has  shown  a  slowdown  in  produc¬ 
tivity,  which  suggests  that  perhaps 
the  low-hanging  fruit  of  the  excesses 
of  the  late  1990s  has  been  picked,  and 
therefore  businesses  need  to  find  new  ways  to 
increase  productivity  if  they  hope  to  gain  competitive 
advantage. 

A  new  investment  cycle  in  productivity-enhancing  tools 
appears  imminent,  and  current  investment  trends  in  Bl 
software  support  this  conclusion.  In  2004,  the  Bl  tools 
market  experienced  better-than-expected  performance, 
growing  by  9.5%  to  reach  $4.25  billion  in  worldwide 
software  revenue.  IDC  forecasts  a  2004-2009  com¬ 
pound  annual  growth  rate  (CAGR)  of  6.0%,  which 
reflects  some  changes  in  the  underlying  market,  such 
as  a  shift  in  software  sales  from  Bl  tools  to  packaged 
analytic  applications  and  database-embedded  Bl  com¬ 
ponents.  IDC  estimates  that  the  broader  business 
analytics  market  reached  $14.5  billion  in  2004. 

Critical  Misalignment 

Despite  a  healthy  adoption  rate,  however,  the  deploy¬ 
ment  of  software  to  support  decision-making  process¬ 
es  continues  to  lag  significantly  behind  the  money  that 
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companies  spend  on  software  to  process 
transactions.  IDC  research  shows  that  for 
every  dollar  spent  on  transaction  processing 
applications  or  capturing  and  getting  data 
into  databases,  only  $0.25  is  spent  on  get¬ 
ting  the  data  out  for  business  analytics  to 
support  decision-making  and  statutory 
reporting  processes. 

The  result  is  a  critical  misalignment  between 
business  needs  and  the  information  technol¬ 
ogy  intended  to  serve  those  needs.  For 
example,  a  recent  IDC  survey  revealed  that 
only  about  10%  of  business  managers  feel 
very  confident  with  the  statement  that  the 
reports  developed  in  their  organizations 
deliver  relevant  information  to  the  right 
people  at  the  right  time.  About  40%  of  the 
managers  surveyed  reported  feeling  not  at 
all  confident  or  only  somewhat  confident. 

Although  the  misalignment  between  IT  and 
business  is  ultimately  a  business  problem, 
IT  managers  must  address  several  distinct 
IT  challenges  to  successfully  implement 
and  support  BI: 

►  Defining  system  requirements.  BI  imple¬ 
mentation  is  often  a  vague  and  iterative 
process  because  of  the  difficulty  in  deter¬ 


mining  in  advance  all  the  information 
forms  that  users  want— the  type  of  reports 
or  the  alerts  for  certain  kinds  of  informa¬ 
tion.  Usually  the  BI  system  is  replacing  a 
relatively  manual  data-tracking  process 
that  may  employ  an  Excel  spreadsheet,  for 
example.  So  after  the  new  BI  system  is 
online,  users  begin  asking  for  more— more 
data  sources,  more  different  kinds  of 
reports,  more  key  performance  indicators 
(KPIs).  Each  of  these  requests  needs  to  go 
through  the  IT  department,  and  while  some 
are  relatively  easy  to  implement,  others 
take  more  time  and  testing.  Unlike  other  IT 
systems,  such  as  financial  applications  that 
remain  comparatively  static  following 
implementation,  BI  systems  are  dynamic 
and  continually  evolving. 

►Transforming  disparate  data  into  a  sin¬ 
gle  model.  All  the  information  that  popu¬ 
lates  user  “dashboards”  and  “scorecards”— 
the  BI  interfaces— must  be  brought  in  from 
different  systems  and  molded  into  a  single 
data  model.  This  is  a  complex  data  transfor¬ 
mation  task.  For  example,  IDC  has  found 
that  in  BI  projects  for  CRM  systems,  70%  of 
the  work  is  just  around  sourcing  and  map¬ 
ping  the  data— before  the  information  can  be 
accessed  and  distributed.  A  related  issue  is 


Challenge  of  Maintaining  Business 

Using  a  5-point  scale,  where  5  is  "very 
difficult"  and  1  is  "not  at  all  difficult," 
please  rate  the  difficulty  of  maintaining 
business  intelligence  data  quality. 

n=40 


Intelligence  Data  Quality 


Source:  IDC,  2005 
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maintaining  data  quality,  which  according  to  a  recent 
IDC  survey,  is  an  ongoing  challenge.  A  full  35%  of  sur¬ 
vey  respondents  said  that  data  quality  maintenance  is 
either  “very  difficult”  or  “difficult,”  versus  only  12.5% 
who  answered  “not  at  all  difficult”  (see  chart,  page  3). 

►  Managing  user  expectation/experience.  Users 
often  expect  to  get  a  lot  of  data  immediately  and  to 
have  the  system  solve  tough  business  problems.  As 
described  earlier,  BI  system  development  is  inherently 
iterative,  complex,  and  ongoing.  Furthermore,  while 
BI  is  being  extended  to  address  decision-making 
processes,  the  types  of  decisions  for  which  the  tech¬ 
nology  is  best  suited  tend  to  be  operational  decisions 
that  are  foreseeable  and  repeatable— decisions  that 
employees  have  to  make  on  a  regular  basis.  BI  will  not 
necessarily  hand  users  their  next  big  idea,  such  as  the 
creation  of  a  new  product.  Moreover,  although  70%  of 
respondents  to  a  recent  IDC  survey  said  that  existing 
BI  systems  let  them  effectively  make  operational  deci¬ 
sions,  30%  of  organizations  still  have  systems  that 
don’t  allow  for  effective  operational  decisions. 

►Guaranteeing  system  availability.  BI  is  not  just  for 
executives  anymore.  Increasing  numbers  of  line-of- 
business  managers  and  lower-level  employees  are 
accessing  BI  systems  to  make  important  decisions  as 
part  of  their  normal  duties.  BI  usage  is,  in  effect, 
reflecting  a  larger  business  trend  toward  decentraliza¬ 
tion,  the  flattening  of  organizational  hierarchies,  and 
increased  decision-making  responsibility  for  front¬ 
line  workers.  As  BI  follows  this  trend,  it  becomes  more 
operational,  and  while  BI  isn’t  yet  on  a  par  with  trans¬ 
action  processing  systems,  it’s  clearly  getting  there. 
Downtime  on  transaction  processing  systems  is  intol¬ 
erable,  and  it’s  increasingly  less  tolerated  on  BI  sys¬ 
tems.  This  indicates  that  BI  has  become  truly  integrat¬ 
ed  in  the  business  processes  of  many  companies.  IT 
managers  can  expect  this  trend  to  grow  with  the 
advent  of  real-time  information  delivery;  as  BI  infor¬ 
mation  becomes  more  time-sensitive,  system  down¬ 
time  becomes  a  bigger  problem.  1 
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IBM  tool  bolsters  company  privacy 

DB2  software  promises  to  protect  other  key  corporate  information. 


■  Tumbleweed  Communications 

last  week  announced  plans  to  inte¬ 
grate  Commtouch’s  Recurrent 
Pattern  Detection  technology 
into  its  suite  of  e-mail  security 
products.  This  technology  will  pro¬ 
vide  Tumbleweed's  products  with  an 
outbreak-detection  feature  to  flag 
mass  mailings  across  the  Internet 
often  associated  with  spam  or 
viruses,  company  officials  say.  The 
technology  lets  Tumbleweed’s  Mail- 
Gate  appliances  and  software 
block  these  messages  before  they 
enter  an  organization.  The  enhance¬ 
ment  will  be  available  for  free  in 
early  June. 

■  XML  security  vendor  Reactivity 
last  week  added  a  feature  to  its 
XML  Security  Gateway  and  the 
SOA  Gateway  that  lets  users 
process  XML  messages  either  in 
memory,  stream  the  message 
through  the  gateway,  or  use  a 
store-and-forward  format.  The 
multi-mode  processing  feature  is 
part  of  the  company’s  Adaptive 
Message  Architecture,  which  is 
implemented  on  its  XML  gateway 
appliances.  Reactivity  says  the 
store-and-forward  mode  is  the  most 
secure  and  is  the  best  for  large 
messages.  The  model  does  not  let 
XML  messages  reach  back-end  ser¬ 
vices  until  they  are  authenticated, 
secure  and  properly  formatted.  The 
multi-mode  feature  is  a  free 
upgrade  for  current  users  or  avail¬ 
able  with  either  gateway.  Pricing 
starts  at  $65,000. 

■  Cisco  this  week  said  it  has  final¬ 
ized  the  acquisition  of  privately  held 
Vihana,  a  developer  of  custom 
ASICs  for  computer  and  communi¬ 
cations  applications.  Cisco  will  pay 
$30  million  in  cash  and  options  for 
the  company,  which  employs  27 
people.  Vihana  was  founded  in 
August  2001.  Cisco  already  had 
Invested  $15  million  in  Vihana  as  of 
Jan.  29.  2005,  according  to  Cisco's 
Feb.  22,  2005, 10-0  filing  with  the 
Secant :  :s  and  Exchange 
Commission. 


■  BY  ANN  BEDNARZ 

Sharing  information  with  partners  is  a 
part  of  doing  business  for  most  companies, 
but  it  can  raise  sticky  security  and  regula¬ 
tory  issues  when  sensitive  corporate  data 
leaves  enterprise  boundaries. 

IBM  last  week  unveiled  new  software 
designed  to  help  companies  selectively 
provide  the  data  their  partners  need  with¬ 
out  compromising  the  privacy  of  individu¬ 
als  whose  personal  information  is  at  stake. 

IBM’s  new  DB2  Anonymous  Resolution 
software  is  designed  to  help  companies 
share  and  compare  pertinent  business  in¬ 
formation  without  revealing  private  or  sen¬ 
sitive  personal  details.  For  example,  a  com¬ 
pany  could  compare  customer  lists  with 
partners,  cross-reference  identity  records 
with  watch  lists,  or  determine  the  amount 
of  customer  overlap  in  a  merger  —  while 
keeping  individual  records  anonymous. 

With  DB2  Anonymous  Resolution,  recipi¬ 
ents  can’t  decipher  or  view  data  in  its  orig¬ 
inal  form.  This  lets  a  healthcare  company 
share  data  that  has  been  stripped  of  per¬ 
sonal  information  without  violating  privacy 
provisions  such  as  those  spelled  out  in  the 
Health  Insurance  Portability  and 
Accountability  Act.  At  the  same  time,  the 
software’s  techniques  for  correlating  data 
can  let  recipients  determine  if  two  records 


■  BY  JOHN  COX 

Accton  Technology  last  week  introduced 
a  line  of  wireless  LAN  mesh  products  in  a 
move  that  could  be  a  first  step  toward 
changing  the  way  enterprise  WLANs  are 
deployed. 

Today  WLANs  consist  of  access  points 
that  communicate  with  clients  via  a  radio 
link,  but  are  cabled  to  nearby  Ethernet 
switches  or  WLAN  controllers.  In  a  wireless 
mesh,  the  access  points  can  talk  wirelessly 
to  each  other.  That  change  eliminates  the 
need  for  much  of  the  cabling  in  conven¬ 
tional  WLANs,  so  deployments  are  faster 
and  less  expensive.  Mesh  networks  include 
auto-discovery  and  auto-authentication 
techniques,  which  let  the  networks  config¬ 
ure  themselves.  The  mesh  nodes  also  cre¬ 
ate  a  more  reliable  network  because  a 
See  Accton,  page  20 


pertain  to  the  same  person. 

DB2  Anonymous  Resolution  relies  on 
technology  IBM  gained  in  its  January 
acquisition  of  analytics  software  maker 
SRD,  which  specializes  in  gleaning  infor¬ 
mation  about  individuals’  identities  and 
discovering  obscure  associations  or  suspi¬ 
cious  relationships. 

SRD  has  been  absorbed  into  IBM’s  Entity 
Analytic  Solutions  business,  which  now 
offers  DB2  Identity  Resolution  and  DB2 
Relationship  Resolution  —  tools  for  aggre¬ 
gating  data  about  individuals  from  multi¬ 
ple  data  sets,  and  discovering  non-obvious 
relationships  between  identities  that  know 
each  other. 

DB2  Identity  Resolution  can  sift  through 
and  identify  multiple  records  that  might 
appear  to  describe  different  people,  but  in 
reality  are  related  to  one  person.  DB2  Rela¬ 
tionship  Resolution  can  detect  suspicious 
relationships  such  as  a  hazardous  material 
licensee  sharing  an  address  with  a  sus¬ 
pected  terrorist. 

The  products  stem  from  technology  SRD 
built  in  the  late  1980s  to  help  collections 
agencies  determine  how  to  find  bill 
evaders  who  would  intentionally  provide 
false  contact  information. 

DB2  Anonymous  Resolution  uses  tech¬ 
nology  from  both  products  and  adds  fea¬ 
tures  for  preserving  the  privacy  of  the 


underlying  information.  The  product  con¬ 
sists  of  two  main  parts,  which  IBM  calls  the 
anonymizer  and  resolver. 

The  anonymizer  uses  hashing  algorithms 
to  transform  raw  data  into  anonymous 
data.  The  hashing  process  generates  a 
unique  value  that  represents  original  data 
in  a  form  that  is  mathematically  indeci¬ 
pherable.  Recipients  can’t  recover  the  orig¬ 
inal  data  directly  from  the  anonymous  ver¬ 
sion,  but  the  original  data  holder  can, 
thanks  to  record  identifiers  that  point  to 
the  location  of  the  original  records. 

The  resolver  component  does  the  corre¬ 
lation  work  —  resolving  identities  and  dis¬ 
covering  relationships  —  and  generates 
alerts  based  on  the  results.  The  two  com¬ 
ponents  communicate  with  each  other 
through  flat  files  containing  XML-tagged 
Universal  Message  Format  records. 

IBM’s  DB2  Entity  Analytics  lineup  runs  on 
platforms,  including  Windows,  AIX,  HP-UX, 
SuSE  Linux,  Red  Hat  Linux  and  Solaris. 
Database  support  includes  DB2,  Oracle 
and  Microsoft  SQL  Server. 

Pricing  was  not  available  at  press  time.B 
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Accton  to  launch  WLAN  mesh  products 

■  PROFILE: 


ACCTON  TECHNOLOGY 

Location: 

Hisinchu.Taiwan  (U.S.  offices:  Sunnyvale,  Calif.) 

Founded: 

1988 

CEO: 

A.J.  Huang;  with  Accton  since  1984  in  various  roles  including  vice 
president  of  sales.  Previously,  he  worked  with  defunct  Wang 
Laboratories,  and  withTaiwanTelephone  andTelegram  Bureau. 

Business: 

Accton  is  one  of  the  world's  largest  contract  designers  and 
manufacturers  of  network  and  communications  equipment;  it  builds 
products  ranging  from  ADSL  modems  and  set-top  boxes,  to  WLAN 
access  points,  Layer  2/3/4  switches,  blade  servers,  andVolP  equipment 
based  on  its  own,  or  a  customer's,  designs.  SMC  Networks  is  a  wholly 
owned  subsidiary  acquired  in  the  late  1990s. 

Customers: 

Yahoo  Japan,  Microsoft,  Dell,  Nortel,  Philips,  HP,  Belkin 

Finances: 

Reported  2004  net  sales  of  about  $591  million  and  a  net  loss  before 
taxes  of  about  $17.4  million.The  company  is  publicly  traded  on  the 
Taiwan  stock  exchange. 

SOURCE:  ACCTON TECHNOLOGY TAIWAN.THT  RESEARCH 
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Vendor  stretches  its  ID  mgmt.  suite 


■  BY  JOHN  FONTANA 

Identity  management  provider 
Fischer  International  last  week  re¬ 
leased  a  suite  of  software  focused 
on  compliance,  provisioning  and 
password  management. 

The  centerpiece  of  Identity 
Suite  2.0  is  its  compliance  engine, 
which  supplies  a  user  authoriza¬ 
tion  service  and  lets  companies 
record  and  audit  which  users  are 
accessing  what  network  re¬ 
sources  and  when.  The  compli¬ 
ance  features  are  built  on  the 
company’s  DataForum  engine, 
which  is  based  on  Java  and  XML 
and  provides  an  auditing  and 
tracking  capability  to  all  pieces  of 
the  Fischer  suite. 


Also  part  of  the  suite  are  Fischer 
Password  Manager,  Fischer  Pro¬ 
visioning  and  iFly,  which  provides 
identity  services  to  mobile  users. 

Out  with  the  bad 

The  compliance  engine  lets 
users  discover  and  eliminate 
rogue  or  deactivated  accounts, 
and  ensures  that  each  user 
account  on  each  system  has  the 
appropriate  access  credentials. 
The  engine  also  compiles  an 
audit  trail  that  shows  that  an  orga¬ 
nization  has  adhered  to  compli¬ 
ance  regulations  and  how  it  has 
corrected  any  problems. 

“We  are  seeing  a  lot  of  interest 
in  compliance,”  says  Trent  Henry 
an  analyst  with  Burton  Group.The 


interest  is  being  driven  by  regula¬ 
tions  such  as  the  Sarbanes-Oxley 
Act,  Gramm-Leach-Bliley  Act  and 
Health  Insurance  Portability  and 
Accountability  Act. 

“We  are  seeing  a  lot  of  compli¬ 
ance  and  auditing  features 
being  added  to  base  identity- 
management  platforms  and  we 
are  evaluating  if  that  is  where 
those  features  need  to  be,”  he 
says. 

Fischer,  which  competes  with 
Courion,Thor  and  M-Tech,has  its 
roots  in  the  mainframe  days,  hav¬ 
ing  provided  a  Big  Iron-based 
directory  Directory  services  tech¬ 
nology  is  the  key  underpinning 
to  today’s  identity  management 
systems. 


Big  players 

Major  vendors  such  as  BMC 
Software,  Computer  Associates, 
HP  IBM,  Microsoft,  Novell,  Oracle, 
RSA  Security  and  Sun  are  devel¬ 
oping  identity  platforms  around 
technology  they  have  built  or 
acquired. The  task  now  for  those 
vendors  is  to  integrate  that  tech¬ 
nology,  create  standard  inter¬ 
faces  and  management  tools, 
and  eliminate  feature  overlap. 

Fischer,  while  not  addressing  all 
the  identity  infrastructure  pieces 
(including  access  management) 
planned  by  the  major  vendors, 
says  the  tight  integration  of  its 
products  means  users  aren’t  left 
today  with  such  a  grab  bag  of 
technology 


Fischer’s  DataForum  workflow 
engine  is  tuned  for  identity  and 
provisioning,  and  has  extensive 
extract,  transform  and  load 
capabilities  that  let  companies 
move  data  from  multiple 
sources  and  reformat  it.  Identity 
Suite  2.0  has  a  Compliance 
Lode  Mode,  which  lets  users 
clean  up  directory  data  so  it 
adheres  to  their  compliance 
needs. 

The  software  runs  on  Java- 
based  applications  servers,  in¬ 
cluding  IBM  WebSphere,  BEA 
WebLogic  and  Apache  Tomcat. 
Identity  Suite  2.0  costs  between 
$500,000  and  $750,000  for  a 
large  organization  depending 
on  configuration.  ■ 


Firefox  users  snap  up 
anti-phishing  toolbar 


■  BY  SCARLET  PRUITT 

Users  of  the  Firefox  Web  browser  have 
been  flocking  to  Netcraft’s  Web  site  to 
download  the  security  company’s  new 
anti-phishing  toolbar. 

The  free  toolbar,  released  last  week,  was 
downloaded  more  than  60,000  times  with¬ 
in  hours  of  its  release, according  to  Netcraft 
Internet  Services  Developer  Paul  Mutton. 
By  comparison,  the  company’s  anti-phish- 
ing  toolbar  for  Internet  Explorer  has  been 
downloaded  about  100,000  times  since  its 
release  earlier  this  year,  he  says. 

An  increase  in  phishing  attacks  has  been 
grabbing  the  attention  of  Internet  mer¬ 
chants,  end  users  and  security  providers. 
Phishing  is  a  type  of  online  fraud  in  which 
criminals  send  e-mails  that  entice  users 
into  visiting  Web  sites  designed  to  look  like 
those  of  a  legitimate  company  such  as  a 
bank  or  auction  provider.  Users  are  asked 
to  enter  sensitive  information  such  as  a 
credit  card  number  or  passwords. 

The  scam  currently  is  one  of  the  most 
prevalent  Internet  threats,  according  to 
security  researchers.  And  given  the  profit 
potential,  online  criminals  are  becoming 
more  cunning  in  their  attacks,  by  targeting 
scams  at  users  of  particular  banks,  or  by 
geographical  location,  Mutton  says. 

Netcraft’s  anti-phishing  toolbar  seeks  to 
thwart  these  kinds  of  threats  by  blocking 
access  to  reported  phishing  sites.  Once  the 
first  recipients  of  a  phishing  e-mail  report 
the  URL  of  a  fake  site,  the  site  is  blocked  for 
toolbar  users. 

Netcraft  checks  each  reported  site  to  ver¬ 
ify  that  it  is  phony  to  avoid  blocking  legiti¬ 
mate  sites,  Mutton  says. 

The  toolbar  also  displays  the  hosting 


location  and  a  risk  rating  for  each  site  visit¬ 
ed.  While  the  product  is  free  for  Internet 
users,  Netcraft  licenses  a  version  to  organi¬ 
zations  such  as  banks  to  put  their  own 
brand  on. 

Netcraft  has  no  plans  to  offer  versions  of 
the  toolbar  for  other  browsers. 

“There’s  no  other  browser  as  popular  as 
Firefox  right  nowf  Mutton  says. 

The  open  source  browser,  offered  by  the 
Mozilla  Foundation,  has  nowhere  near  the 
market  share  of  Internet  Explorer,  but  has 
been  steadily  gaining  users.  As  of  Feb.  18, 
Internet  Explorer  had  a  market  share  in  the 
U.S.  of  90%,  down  from  93%  in  November, 
according  to  analytics  firm  WebSideStory 

Firefox,  meanwhile,  had  grabbed  5.7%  of 
the  U.S.  market  as  of  February  up  from  3% 
in  November.  Internet  companies  have 
taken  note  of  its  rising  popularity  Yahoo 
began  offering  a  toolbar  for  Firefox  earlier 
this  year,  and  Google  has  snapped  up  one 
of  its  key  developers.  But  with  success  has 
come  a  downside:  Security  researchers  are 
reporting  an  increase  in  threats  aimed  at 
the  alternative  browser. 

Pruitt  is  a  correspondent  with  the  IDG 
News  Service. 


Accton 

continued  from  page  19 

packet  can  be  routed  around  a  failed  wire¬ 
less  node.  Finally  mesh  WLANs  can  grow  or 
scale  efficiently:  adding  new  nodes  creates 
more  paths  for  routing  and  balancing  the 
wireless  packet  load. 

Accton’s  mesh  technology  is,  overall,  sim¬ 
ilar  to  that  offered  by  a  flock  of  smaller 
companies,  such  as  Strix  and  Firetide, 
which  originally  aimed  at  the  enterprise  in¬ 
door  market,  and  Bel  Air  and  Tropos,  which 
specialize  in  municipal  outdoor  networks. 
Nortel  is  one  of  the  few  big  companies 
with  an  outdoor  mesh  node,  but  Cisco  will 
introduce  one  soon,  based  on  technology 
created  by  its  Airespace  acquisition. 

But  Accton,  as  a  major  contract  manu¬ 
facturer,  will  offer  its  mesh  products  to  a 
range  of  brand-name  network  equipment 
vendors,  including  its  own  subsidiary 
SMC  Networks.  These  vendors  in  turn  will 
target  large  companies  and  small  to  mid¬ 
size  businesses,  touting  the  benefits  of  a 
mesh  in  simplifying  WLAN  deployment 
and  operations. 

Accton  designs  and  builds  switching 
gear, WLAN  access  points,  asymmetric  DSL 
modems  and  other  equipment  for  high- 
tech  brand  names.  Accton  doesn’t  release 
its  customer  names,  but  according  to  THT 
Research,  a  company  that  covers  the  con¬ 
tract  manufacturing  industry  those  cus¬ 
tomers  include  Dell,  Belkin,  Nortel, 
Foundry  Networks  and  many  others. 


Accton’s  mesh  capability  dubbed  Wire¬ 
less  Intelligent  Transport  Network 
(WITnet),  will  appear  first  in  an  indoor 
mesh  node,  shipping  in  August,  and  in  an 
outdoor  node  later  this  year.  Both  products 
will  incorporate  two  standard  radios,  one 
for  802.1  la, and  one  for  802.1  lg/b  wireless 
connectivity  The  nodes  can  be  set  up  to 
use  either  radio  for  connecting  with  local 
WLAN  clients,  or  with  neighboring  nodes 
to  create  a  wireless  backhaul  that  elimi¬ 
nates  the  need  for  Category  5  connections. 

The  WITnet  architecture  is  the  fruit  of  two 
years  of  work,  on  which  Accton  has  filed 
for  three  patents,  relating  to  security  routing 
and  traffic  engineering,  according  to  Ted 
Kuo,  the  company’s  vice  president  for 
advanced  development. 

Accton’s  mesh  announcement  comes  on 
the  eve  of  the  next  development  in  the 
IEEE  802.11s  task  group,  which  is  charged 
with  hammering  out  a  standard  for  WLAN 
mesh.  Accton  has  been  actively  involved  in 
the  group  since  its  launch  in  early  2004, 
Kuo  says.  The  group  has  issued  a  call  for 
proposals,  and  the  deadline  for  submitting 
them  is  mid-June. 

“The  original  802.11  standard  only 
defined  how  a  client  ‘station’  talked  to  a 
[wireless]  access  point,  not  how  the 
access  points  could  talk  with  each  other 
over  the  air’’  Kuo  says.  “The  11s  standard 
will  address  this:  Access  points  will 
become  interconnected,  without  de¬ 
pending  on  the  wired  net.” 

Accton  didn’t  release  pricing  details,  but 
says  final  WLAN  mesh  products  sold  by  a 
brand-name  vendor  could  be  up  to  50% 
more  expensive  than  comparable,  conven¬ 
tional,  dual-radio  access  points.  ■ 
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...and  then  there’s  Inter  Centrincf  mobile  technology. 

Intel®  CentrincT  mobile  technology  for 
laptops  is  designed  from  the  ground  up 
to  make  anything  else  feel  limiting.  It 
delivers  outstanding  mobile  performance. 

It  enables  great  battery  life  in  a  new 
generation  of  thin,  light,  wireless  laptops. 
And  you  don’t  need  cables  or  wireless  cards 
to  keep  your  users  connected.* 

Laptops  to  really  mobilize  your  workforce: 
intel.com/business. 


MOBILE 

TECHNOLOGY 


"Wireless  connectivity  and  some  features  may  require  you  to  purchase  additional  software,  services,  or  external  hardware.  System  performance  measured  by  MobileMark  2002.  System  performance,  battery  life,  wireless  performance,  and  functionality  will  vary  depending  on 
your  specific  operating  system,  hardware,  and  software  configurations.  ©2005  Intel  Corporation  Intel,  Intel  Inside,  the  Intel  Inside  logo,  the  Intel  Centrino  logo,  and  Intel  Centhno  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  Stales 

and  other  countries.  All  rights  reserved. 
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Scott  hates  us. 


And  our  customers  couldn’t  be  happier.  Scott’s  a  hacker  and  it’s  our  job  to  make 
his  job  impossible.  We’re  Sophos,  a  global  leader  in  network  security  for  business. 


Over  103,000  viruses  want  inside  your  network.  The  number  is  growing— and  so 
is  the  severity  of  attacks.  Sophos  knows  how  to  stop  them.  Our  proven  solutions 
defend  against  viruses,  spam,  worms,  Trojans  and  malicious  spyware.  Join  the  35 
million  users  in  150  countries  who  depend  on  our  technology,  expertise  and  acclaimed 
customer  support. 

FREE  expert  resources  and  the  chance  to  WIN  a  Dell™  Pocket  DJ  at 
stopthethreat.com.  Learn  how  a  proven  multi-tier  network  security  solution 
addresses  your  network’s  protection,  performance,  productivity  and  policy 
enforcement  challenges.  Download  free  white  papers,  analyst  reports  and  case  stud¬ 
ies  from  independent  expert  sources  at  stopthethreat.com.  While  you’re  there,  enter 
for  your  chance  to  win  one  of  two  Dell  Pocket  DJs  ($199  value  each). 

SOPHOS 

anti-virus,  anti-spam  and 
email  policy  for  business 


Free  downloads  and  the  chance  to  win  at  stopthethreat.com  ENTER  PIN:  jbdOwq 
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Stolen  laptop  puts  MCI  data  at  risk 

Colorado  Springs  police  believe  MCI  employee  left  laptop  in  unlocked  car. 


■  BY  ROBERT  MCMILLAN 

MCI  is  evaluating  new  corporate  security 
technologies  following  the  theft  of  a  note¬ 
book  computer  containing  personal  infor¬ 
mation  on  about  16,500  current  and  for¬ 
mer  employees. 

The  missing  data  includes  names  and 
Social  Security  numbers  stored  on  a  laptop 
that  was  stolen  last  month  from  a  car 
parked  in  the  home  garage  of  an  MCI  finan¬ 
cial  analyst,  says  Linda  Laughlin,  an  MCI 
spokeswoman.  The  MCI  employee,  whom 
Laughlin  declined  to  identify  was  autho¬ 
rized  to  have  the  data  on  her  laptop,  where 
she  was  using  it  to  analyze  financial  trends 
for  the  company,  she  says. 

Although  MCI  now  is  investigating  the 
“policies,  procedures  and  circumstances 


■  Network  Appliance  last  week 
launched  two  midrange  network- 
attached  storage  systems  that 
boast  twice  the  performance  and 
support  more  users  per  system  than 
its  previous  FAS  storage  systems.  The 
NetApp  FAS3020  and  FAS3050  arrays 
support  Fibre  Channel,  iSCSI  and 
other  network  configurations  and 
have  a  storage  capacity  of  84T  bytes. 
They  each  support  Network  Appli¬ 
ance’s  FlexVol  architecture,  which 
resizes  volumes  based  on  customer 
need.  They  also  now  can  support 
Serial  Advanced  Technology  Attach¬ 
ment  drives,  which  can  reduce  the 
cost  per  megabyte  of  storage  by  more 
than  half,  Network  Appliance  says. 

The  company  also  introduced  its 
V3020  and  V3050  virtualization  appli¬ 
ances,  which  Network  Appliance  says 
are  twice  as  fast  as  previous  V- Series 
boxes.  They  allow  the  virtualization  or 
pooling  of  storage  resources  on 
arrays  from  Hitachi  Data  Systems, 

HP,  IBM  and  Sun. The  FAS3020  and 
FAS3050  start  at  less  than  $35,000, 
Network  Appliance  says  it  expects  to 
release  the  virtualization  appliances 
next  month  starting  at  $52,450. 


surrounding  the  theft,”  the  company  does 
not  believe  that  the  analyst  violated  MCI 
policy  Laughlin  says.  MCI  uses  encryption 
technology  to  protect  its  corporate  data, 
but  the  company  now  is  in  the  process  of 
evaluating  new  security  technologies, 
including  stronger  encryption  software. 
“We’ll  go  and  enhance  some  of  the  tools 
that  employees  can  use  on  their  laptops,” 
Laughlin  says. 

One  tool  that  might  help  MCI  employees 
is  a  car  key 

Colorado  Springs  Police  Department 
investigators  found  no  signs  of  damage  to 
neither  the  car  nor  the  garage  where  it  was 
parked,  leading  them  to  assume  that  the 
car  in  question  was  not  locked  at  the  time 
of  the  theft,  says  Lt.  Rafael  Cintron,  a  public 
information  officer  with  the  department. 

Either  way  retrieving  the  missing  laptop, 
which  was  reported  stolen  April  5  in 
Colorado  Springs,  might  prove  difficult. 


Colorado  Springs  officers  are  in  the 
process  of  contacting  local  pawnshops  to 
see  if  it  has  been  sold,  but  investigators 
have  few  leads.  “There  was  no  damage  to 
the  vehicle,  no  witnesses,  so  there’s  not 
much  to  go  on,”  Cintron  says. 

MCI  has  sent  out  notification  letters  to  the 
people  whose  personal  information  was 
compromised  by  the  theft,  but  has  seen  no 
evidence  that  anyone  has  attempted  to 
illegally  use  this  information, Laughlin  says. 

The  stolen  laptop  was  password-protect¬ 
ed,  but  Laughlin  would  not  say  whether  the 
Excel  spreadsheet  files  that  contained  the 
sensitive  data  were  encrypted. 

The  MCI  theft  is  just  the  latest  in  a  series 
of  high-profile  mishaps  in  which  compa¬ 
nies  have  lost  large  quantities  of  personal 
information.  Earlier  this  month,  Time 
Warner  lost  40  back-up  tapes  containing 
data  on  600,000  current  and  former 
employees.  And  ID  thieves  have  gained 


access  to  data  on  hundreds  of  thousands 
of  people  following  computer  break-ins  at 
ChoicePoint  and  Reed  Elsevier  Groups 
LexisNexis  Group. 

McMillan  is  a  correspondent  with  the  IDG 
News  Service. 


More  online! 

Read  about  other  recent  laptop  computer  thefts  at 
The  University  of  California,  Berkeley  and  a  San  Jose 
medical  group. 
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ID  mgmL  without  all  the  complexity 


WIRED 
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Dave 

Kearns 


In  the  1980s,  PCs  entered  the  enterprise 
through  the  backdoor.  Employees 
snuck  them  in  while  MIS  wasn’t  look¬ 
ing,  then  used  that  new-fangled  “local  area 
networking”  to  hook  them  together  within 
departments. 

In  the  1990s,  Windows  entered  the  enter¬ 
prise  through  the  backdoor  as  employees, 
used  to  the  “wow”  factor  of  a  GUI  on  their 
home  machines,  snuck  in  Windows  com¬ 
puters,  or  forced  beleaguered  IT  person¬ 
nel  to  order  the  new  interface  for  them. 

In  the  late  1990s,  instant  messaging 
entered  the  corporate  network  through 
the  backdoor  as  employees  took  the  tools 
they  were  using  to  communicate  with 
their  friends  and  turned  it  into  a  way  to  set 
up  lunch  dates  with  colleagues,  contract 
meetings  with  partners  and  sales  calls 
with  both  clients  and  vendors. 

What  technology  will  be  brought  in  the 


backdoor  of  the  enterprise  this  decade? 

Public  Key  Infrastructure  (PKI)  has  been 
around  for  more  than  15  years.  It’s  always 
being  proposed  as  the  way  for  secure 
identity  and  access  management  to 
occur.  And  it  never  quite  caught  on.  It’s 
clunky  to  use,  obtuse  to  learn  and  users 
are  just  not  convinced  that  they  want  to 
use  it  unless  they  absolutely  have  to. 

Now  the  experience  gained  in  two  dif¬ 
ferent  areas  of  consumer  browsing  might 
be  brought  together  as  a  way  to  build 
identity  management  from  the  ground  up, 
rather  than  from  the  top  down. 

PKI  supposedly  is  about  trust,  but  in 
real  life  we  trust  people  based  on  their 
reputation  (at  least,  their  reputation  as 
we  see  it).  People’s  experience  with  eBay 
(which  gathers  feedback  on  transac¬ 
tions)  as  well  as  ratings  for  reviewers  and 
vendors  at  sites  such  as  Amazon.com  or 
pure  opinion  sites  such  as  Epinions  or 
TripAdvisor  are  making  the  possibility  of 
building  a  “trust  metric”  for  online  people 
much  easier. 

Social  networking  (such  as  Linkedln, 
Friendster,  Match.com  and  many  others) 
let  people  build  their  own  identity  online. 
One  outgrowth  of  this  phenomenon  is  the 
rise  of  identity  networks  such  as  Sxip  and 
LID  which  let  people  build  their  own  per¬ 


sonal  identity  object  in  coordination  with 
a  referring  network  (see  www.sxip.com  if 
you’re  not  sure  what  that  means). 

Now  take  the  pioneering  efforts  of  Sxip 
and  add  to  it  reputation  feedback  and  you 
can  come  up  with  an  identity-manage¬ 
ment  system  that  bypasses  PKI,  Liberty 
Alliance,  Microsoft,  IBM,  Sun,  Novell  and 
all  the  other  top-down  players  to  bring 
real  identity  management  in  to  the  enter¬ 
prise  through  the  backdoor. 

Kearns,  a  former  network  administrator, 
is  a  freelance  writer  and  consultant  in 
Silicon  Valley.  He  can  be  reached  at 
wired@vquill.  com. 


|  11%  isn't  polished  and  it 
LI  I#  isn't  finished  but 
creator  Johannes  Ernst  is 
bound  and  determined  to 
make  it  ubiquitious.  Lots  of 
'deep  thinkers'  in  the  iden¬ 
tity  world  think  he  might  be 
on  to  something  big. 
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Microsoft  seeks  to  get  its  servers  in  sync 


■  BY  JOHN  FONTANA 

After  several  failed  attempts  to  use  marketing  to  cre¬ 
ate  a  corporate  computing  platform,  Microsoft  now 
is  turning  to  engineering  in  an  attempt  to  pull 
Exchange,  SQL  Server,  Windows  and  its  other  infrastruc¬ 
ture  servers  into  a  cohesive  stack  of  enterprise  software. 

Microsoft’s  engineering  effort  underlies  the  Windows 
Server  System,  which  was  born  as  a  marketing  term, 
but  now  could  potentially  become  something  quite 
different. 

Microsoft  has  lumped  19  servers  under  the  Windows 
Server  System  banner  and  is  attempting  to  lash  them 
together  into  a  cohesive  unit  with  its  Common 
Engineering  Criteria  (CEC).The  criteria  were  introduced 
last  June  as  a  blueprint  and  set  of  rules  for  how  servers 
are  developed,  secured,  managed,  certified,  customer 
approved  and  licensed. 

The  servers  are  grouped  in  three  categories: 
Operations,  which  includes  Identity  Integration  Server 
and  System  Management  Server;  Applications,  which 
includes  SQL  Server  and  BizTalk;  and  Information  Work, 
which  includes  Exchange  and  SharePoint  Portal  Server. 
Windows  Server  2003  provides  plumbing  features  such 
as  Active  Directory  and  VPN  support  (see  graphic  for  a 
complete  list). 

The  company  has  released  its  first  three  servers 
designed  under  CEC  principles,  and  more  are  due  this 
year. 

The  goal  is  to  simplify  IT  environments, says  Bill  Hilf, 
director  of  platform  technology  for  Microsoft. 

“We  should  be  able  to  engineer  out  as  much  complex¬ 
ity  as  we  can  before  the  software  arrives  to  the  cus¬ 
tomer,”  he  says.The  way  to  factor  out  that  complexity  is 
the  integration  storyf 

Chapters  of  that  story  include:  completing  its  lineup  of 
CEC-compliant  computers,  delivering  on  Microsoft’s 
Dynamic  Systems  Initiative,  a  plan  to  create  a  manage¬ 
ment  platform  for  Windows;  succeeding  in  securing  its 
code  through  its  Trustworthy  Computing  initiative;  and 
supporting  XML-based  standards  to  back  integration 
with  non-Windows  platforms. 

Just  getting  started 

Microsoft’s  largely  behind-the-scenes  integration  efforts 
are  catching  some  customers  by  surprise. 

“I  didn’t  know  they  were  doing  this,  but  we  can  see  it 
already  working,” says  Lance  Auman,  director  of  enter¬ 
prise  infrastructure  for  the  San  Francisco  Unified  School 
District.  Auman  says  he  uses  Microsoft  Operations 
Manager  (MOM),  one  Windows  Server  System  server,  to 
integrate  his  311  servers  around  a  common  manage¬ 
ment  model.  He  also  is  in  the  process  of  testing  one  of 
the  newest  Windows  Server  Systems  servers,  Data 
Protection  Manager,  to  help  solve  his  back-up  problems. 

“The  beta  already  has  a  MOM  management  pack  with 
it,”  he  says. 

“It’s  imperative  for  us  that  all  this  stuff  work  together’’ 
Auman  says.“It  is  the  only  way  we  can  manage  it  all 
with  the  small  staff  we  have.” 

The  CEC  includes  requirements  that  servers  have  mod¬ 
ules,  called  management  packs,  that  connect  into  MOM 
—  a  monitoring  and  performance  application. .  It  also 


Searching  for  consistency 

Microsoft  has  designed  its  Common  Engineering 
Criteria  so  that  ail  of  its  infrastructure  servers 
adhere  to  a  particular  set  of  design 
specifications,  such  as 


64-bit  support 

Support  for  multicore  processors 
.Net  compliance 

Trustworthy  Computing  principles 
Hot  patching  and  Microsoft  patching  services 
Scripting  support  for  operations 
Virtual  Server  support 

Standardized  on  Microsoft  and  Installer  Service 
Standardized  packaging  and  licensing 


List  of  servers 

• *  *  Virtual  Server  2005 

•  *Live  Communications  Server  2005 


Microsoft’s  efforts  here  amount  to  an  acknowledg¬ 
ment  by  the  company  that  it  previously  hasn’t  had 
common  engineering  requirements  for  its  server  prod¬ 
ucts,  Davis  says. 

It’s  an  attempt  by  the  company  to  compete  using  “its 
entire  stack  of  software  instead  of  point  products. 
Instead  of  Windows  vs.  Linux,  Exchange  vs.  Notes,  and 
have  people  look  at  Microsoft’s  portfolio  in  its  entirety^ 
he  says. 

Still,  observers  say  Microsoft  also  must  convince  users 
on  the  business  case  for  using  its  software  servers. 

“Integration  is  thinking  that  happens  in  the  IT  tech 
room,  but  it’s  not  the  conversation  we  have  with  the 
business  people,”  says  George  Defenbaugh,  manager  of 
global  IT  infrastructure  projects  for  petroleum  compa¬ 
ny  Amerada  Hess.  A  perfect  example  of  this,  he  says,  is 
the  company’s  adoption  of  Microsoft's  System 
Management  Server. 

“We  deployed  it  because  we  had  a  strong  need  to  get 
patches  deployed,”  Defenbaugh  says.  But  the  technology 
isn’t  integrated  with  anything  else,  he  says. 

“I  appreciate  that  Microsoft  is  developing  [CEC]  .The 
fact  that  Microsoft  is  offering  this  perspective  tells  me 
they  are  thinking  five  years  down  the  road,"  he  says. 


’Microsoft  Operations  Manager  2005 
’SQL  Server  2005  (beta) 

Windows  Server  2003  R2 

Data  Protection  Manager  2006 

Storage  Server  2003  R2 

System  Center  Reporting  Server  2005 

BizTalk  Server 

Commerce  Server 

Content  Management  Server 

Exchange  Server 

Host  Integration  Server 

Identity  Integration  Server 

Internet  Security  and  Acceleration  Server 

Project  Server 

SharePoint  Portal  Server 

Speech  Server 

System  Management  Server 


•SERVERSTHAT  CURRENTLY  MEET  ALL  OR  SOME  OF  COMMON  ENGINEERING 
CRITERIA  REQUIREMENTS. 


stipulates  support  for  command-line  scripting  that 
servers  can  run  inside  a  virtual  machine,  and  that  all 
servers  use  the  same  installer  technology  and  patching 
tools.  CEC  also  mandates  customer  feedback  loops,  logo 
programs  and  training. 

Microsoft  plans  to  adhere  to  the  CEC  in  all  the  servers 
it  releases  going  forward. 

Next  month  at  its  annual  TechEd  conference,  Microsoft 
plans  to  announce  new  CEC  requirements  for  2006. 

“The  thing  that  makes  Windows  Server  System  more 
than  just  a  gimmick  is  the  CEC,”  says  Dwight  Davis,  an 
analyst  with  Summit  Strategies.“lt  also  telegraphs  to 
people  what  they  can  expect  with  products  in  that 
pool  of  servers.” 


Where  it's  headed 

Microsoft  has  just  started  to  release  servers  developed 
under  the  CEC.The  first  three  are  Virtual  Server  2005, 
Live  Communications  Server  2005  and  MOM  2005.  SQL 
Server  2005  and  Windows  Server  2003  R2,  both  due  to 
ship  later  this  year,  also  will  incorporate  CEC  principles. 
The  company’s  other  servers  will  gain  CEC  compliance 
as  new  versions  are  released. 

Microsoft  also  is  working  with  partners  to  develop 
security  services  such  as  the  single  sign-on  that 
Microsoft  and  Sun  demonstrated  earlier  this  month 
between  their  directories. 

Microsoft  also  is  developing  technology  for  its 
Longhorn  servers  and  clients,  called  Indigo,  which  will 
provide  an  integration  layer  with  other  technologies. 

“Indigo  is  fundamental  to  the  way  we  will  do  inter¬ 
operability”  Microsoft’s  Hilf  says. “When  we  think  about 
criteria  around  interoperability,  we  will  have  a  great 
foundation  in  Longhorn  to  help  exercise  the  criteria 
around  that.” 

If  Microsoft’s  efforts  go  as  planned,  it  should  all  add  up 
to  a  stack  for  Windows  Server  System  software  that  will 
reduce  infrastructure  management  and  complexity 

“If  you  want  to  be  a  serious  player  in  the  enterprise 
infrastructure  space  you  have  to  be  able  to  manage  and 
operate  these  systems  with  the  same  quality  of  tools  that 
you  have  seen  in  other  platforms  and  with  the  same 
degree  of  rigor  that  you  operate  your  high-end  Unix, 
mainframe  and  AS/400  environments,”  says  Chris  Burry 
technology  infrastructure  practice  director  at  consulting 
firm  Avanade.  ■ 


||  ■  Find  out  the  results  of  our  Clear  Choice  Test  of 
Microsoft's  64-bit  Windows  Server.  PACE  41. 
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Network  tools  take  on  security  roles 

Security  event  management  vendors  evolve  tools  from  simple  log  collection  products. 


Blurring  the  lines 


Customers  can  benefit  from  network  management  products  that  can 
spot  performance  problems  and  security  threats. 


Technology 


What  it  does 


Stgplgp 

Network-anomaly  j  Monitors  traffic  fiows  and  inspects 
behavior  detection  packets  to  provide  an  early  warning 
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fifes 


Available  from 

Arbor  Networks,  Lancope, 
Lumeta  and  Q1  Labs. 


of  potential  security  threats. 

Policy-based  Combines  tools  to  create  internal 

management  and  external  compliance  policies 

with  ongoing  monitoring  and 
enforcement  features. 


Security  event/ 
information 
management 


Automates  the  collection  of  log  data 
from  security  devices  and  helps 
users  make  sense  of  it  through  a 
common  management  console. 


BindView,  Elemental  Security, 
Lockdown  Networks,  NetlQ 
and  Procera. 


ArcSight,  elQnetworks, 
E-security,  GuardedNet, 
Inteliitactics,  netForensics, 
Network  Intelligence  and 
OpenService. 


■  BY  DENISE  DUBIE 

Growing  demands  to  get  their  networks 
in  line  with  compliance  regulations  and 
maintain  consistent  policies  are  forcing 
many  companies  to  reassess  how  they 
secure  and  manage  their  networks. 

Network  management  technologies  such 
as  traffic  monitoring,  packet  analysis  and 


■  Project  management  vendor 
BrightWork  last  week  released 
Version  2.0  of  BrightWork,  a  project 
management  extension  to  Microsoft's 
SharePoint  Services.  BrightWork  2.0 
provides  a  set  of  templates  to  create 
virtual  workspaces  for  use  over  the 
Web.  BrightWork  offers  four  pre-built 
templates  based  on  the  Microsoft 
Solutions  Framework  for  specific 
tasks:  Issue  Manager;  Business 
Project  Manager;  IT  Project  Man¬ 
ager;  and  Agile  Software  Develop¬ 
ment.  The  company  also  offers  tools 
that  let  users  build  their  own  project 
management  applications.  Pricing  for 
a  20-user  license  and  a  year  of  sup¬ 
port  and  maintenance  starts  at 
$9,900. 

■  Sage  Software  has  launched 
SageCRM.com,  a  rebranded  version 
of  the  Accpac  accounting  and  sales 
software  that  Sage  bought  in  late 
2003  from  Computer  Associates.  The 
new  SageCRM.com  service  takes  the 
company  into  the  hosted  CRM  market 
dominated  by  Salesforce.com. 

Cobbled  together  through  acquisi¬ 
tions,  Sage’s  portfolio  includes  the  Act 
contact  management  software  popu¬ 
lar  with  individuals  and  very  small 
businesses,  as  well  as  SalesLogix,  a 
full-featured  CRM  system  aimed  at 
larger  organizations  with  up  to  several 
hundred  employees.  The  software  is 
available  in  a  traditional  on-premises 
version  priced  at  $595  per  user,  or  as 
a  hosted  service  for  $69  per  user,  per 
month.  (See  related  story,  page  35.) 


policy-based  management  are  finding 
their  way  into  new  and  existing  security 
tools.  Systems  management  vendors  are 
adding  security  capabilities  to  perform  vul¬ 
nerability  scans,  distribute  patches  and 
help  customers  maintain  compliance. 

For  example,  Lancope  and  other  vendors 
are  developing  products  to  baseline  typi¬ 
cal  network  traffic  and  perform  ongoing 
monitoring  to  detect  problems  that  might 
indicate  a  security  breach.  Others,  such  as 
Elemental  Security  provide  technology  to 
help  IT  managers  establish  policies  and 
monitor  network  events  against  the  poli¬ 
cies  to  ensure  that  networks  remain  com¬ 
pliant.  Current  security  event  management 
(SEM)  vendors  are  adding  more  automa¬ 
tion,  remediation  and  policy-based  man¬ 
agement  features  to  evolve  their  tools  from 
simple  log-collection  products  into  securi¬ 
ty-compliance  tracking  tools. 

“I  wanted  a  centralized  area  where  i 
could  see  all  the  security  events  for 
the  company  but  1  saw  more  than  just  secu¬ 
rity  issues,”  says  Matthew  Keogler,  senior 
security  and  network  engineer  at  Auto- 
Trader.com  in  Atlanta.  Keogler  installed  an 
SEM  product  from  GuardedNet  about  two 
years  ago  and  said  it  not  only  provided  a 
dashboard  of  security  events  but  also 
helped  him  discover  unknown  network 
security  threats.  “The  product  immediately 
showed  me  misconfigured  servers  and 
some  network  issues  that  are  related  to 
security  I  still  use  it  from  time  to  time  to 
patrol  and  clean  up  the  network." 

The  trend  toward  securing  networks  with 
network  management  technologies  has 
attracted  not  only  a  slew  of  newcomers  but 
also  Cisco  —  with  its  Network  Admission 
Control  (NAC)  initiative  —  and  IBM. 
Industry  watchers  predict  that  it’s  only  the 
beginning. 

A  hot  market 

According  to  The  Yankee  Group,  the  over¬ 
all  security  industry  in  2004  generated 
about  $12.9  billion  in  revenue,  and  of  that 
SEM  accounts  for  a  modest  $250  million. 
Yet  the  research  firm  projects  by  year-end, 
the  SEM  market  will  grow  by  more  than 
30%  to  about  $330  million.  In  fact,  by  2008 
Yankee  Group  says  security  management 
will  be  an  $800  million  market. 

“This  is  an  area  that  is  going  to  attract  big 
systems  management  vendors,  like  BMC, 
Computer  Associates,  HP  and  IBM,”  says 
George  Hamilton,  a  senior  analyst  with  The 


Yankee  Group. 

For  instance,  systems  management  ven¬ 
dor  Altiris  last  week  announced  its  Altiris 
Security  Suite,  which  couples  vulnerability 
scans  with  remediation  tools.  NetlQ  earlier 
this  month  unveiled  its  Security  Com¬ 
pliance  Suite,  which  lets  users  perform  vul¬ 
nerability  scans,  security  log  management 
and  compliance-report  generation  by 


■  BY  JAMES  NICCOLAI 

Oracle  recovered  ground  in  the  world¬ 
wide  relational  database  market  last  year 
to  draw  roughly  level  with  IBM,  thanks  in 
part  to  Oracle’s  strong  performance  in  the 
fast-growing  Linux  segment,  according  to 
new  figures  from  Gartner. 

Microsoft  also  had  a  good  year,  increas¬ 
ing  new  license  sales  by  18%  to  be  the 
fastest  growing  database  vendor,  although 
it  remained  in  third  place  behind  longtime 
leaders  Oracle  and  IBM. 

Overall,  sales  of  new  relational  database 
software  licenses  grew  10.3%  in  2004,  to 
$7.8  billion,  Gartner  reports.That  compared 
with  growth  of  about  5%  in  2003,  and  a 
decline  of  6%  in  2002. 


using  a  combination  of  centralized  con¬ 
sole  software  and  distributed  agents  on 
managed  machines.  At  its  annual  users’ 
conference  in  two  weeks,  HP  also  is  expect¬ 
ed  to  introduce  compliance  management 
wares. 

Often  referred  to  as  security  information 
management  (SIM),  SEM  technologies 

See  SEM,  page  28 


IBM  overtook  Oracle  in  new  license  sales 
in  2001,  according  to  Gartner,  thanks  partly 
to  IBM’s  acquisition  of  Informix.  But  IBM’s 
database  sales  grew  just  5.8%  last  year,  to 
$2.66  billion,  compared  with  growth  of 
14.6%  for  Oracle,  which  had  sales  of  $2.64 
billion.  The  difference  between  the  two 
was  statistically  insignificant,  making  it  too 
close  to  declare  a  leader,  Gartner  says. 

Much  of  IBM’s  growth  came  from  the 
zSeries,  or  mainframe,  version  of  its  DB2 
database,  although  sales  of  DB2  on  Unix 
also  performed  well,  growing  9%,  Gartner 
says.  Sales  of  Informix,  which  IBM  contin¬ 
ues  to  develop  but  does  little  to  market, 
declined  17.6%  to  $111  million,  according 
to  Gartner. 

See  Oracle,  page  28 


Study:  Linux  sales  inch 
Oracle  closer  to  IBM 
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IBM  eServer®  xSeries 


PAY  MORE  ATTENTION  TO  SERVERS 
BEFORE  YOU  BUY  THEM. 

SO  YOU  CAN  PAY  LESS  ATTENTION 


Affordable,  reliable,  easy  to  manage:  eServer®  xSeries®  with  Intel®  Xeon™  Processors 


IBM  eServer  xSeries  236  Express 

Designed  to  improve 
performance  and  availability, 
with  a  range  of  features 
such  as  redundant  hot-swap 
power  and  cooling. 

System  features 

Up  to  two  Intel  Xeon 
Processors  3.60GHz 
Two-way  tower  with 
rack  capability 
Up  to  9  hot-swappable 
SCSI  hard  disk  drives 
IBM  Director 

Limited  warranty:  up  to  3 
years  on-site3 

From  $2,989* 

IBM  Financing  Advantage 

Only  $82  per  month4 


IBM  TotaiStorage® 


i 

IBM  eServer  xSeries  346  Express 

Help  maximize  performance 
and  improve  availability  in  a 
|  rack  dense  environment  with 
I  Xtended  Design  Architecture.'" 
Includes  features  like  Calibrated 
Vectored  Cooling,  an  IBM 
i  innovation  that  helps  to  keep 
your  system  cool  and  improve 
:  uptime. 

|  System  features 

Up  to  two  Intel  Xeon 
Processors  3.60GHz 
Two-way  2U  rack  server 
Up  to  16GB  DDR2  memory 
using  8  DIMM  slots 
Calibrated  Vectored  Cooling 
IBM  Director 
Limited  warranty:  up  to  3 
years  on-site3 

From  $3,999* 

IBM  Financing  Advantage 

Only  $109  per  month4 


IBM  eServer  xSeries  366  Express 

With  the  power  of  3rd  generation 
Enterprise  X-Architecture,™  it  sets 
a  new  standard  for  4-socket, 
64-bit  servers.  Delivers  increased 
performance,  systems  manage¬ 
ability,  and  simultaneous  support 
for  32  and  64-bit  apps. 

System  features 

Up  to  four  64-bit  Intel  Xeon 
Processors  MP  3.66GHz 
64GB  DDR  memory 
2GB  memory  expandable 
to  64GB 

Six  64-bit  Active  PCI-X  2.0 
IBM  Director 

Calibrated  Vectored  Cooling 
Limited  warranty:  up  to  3  years 
on-site3 

From  $13,779* 

IBM  Financing  Advantage 

Only  $379  per  month4 


Simplify  storage  management  to  improve  productivity 
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Flexible  and  easy  to  use 


IBM  eServer  BladeCenter  HS20  Express 

Designed  to  support  the  Intel 
Xeon  Processor  and  packed 
with  high-availability  features, 
the  eServer  BladeCenter 
HS20  with  industry-leading 
modular  design  delivers  density 
without  sacrificing  processor 
performance. 

System  features 

Up  to  two  Intel  Xeon 
Processors  3.60GHz  _ 

Up  to  14  blades  per  chassis 
Supports  both  32 

and  64-bit  applications 
IBM  Director 
Limited  warranty:  up  to  3 
years  on-site3 


From  $2,589* 

IBM  Financing  Advantage 

Only  $71  per  month4 


IBM  TotaiStorage  DS300  Express 

Entry-level,  cost-effective  SCSI  storage  systems 
designed  to  deliver  advanced  functionality  at  a 
breakthrough  price.  Provides  an  exceptional 
solution  for  work  group  storage  applications,  such 
as  e-mail,  file,  print,  database  and  Intel  Xeon 
Processor-based  servers. 


System  features 

3U  rack-mount  entry  level 
Support  for  up  to  14 

Ultra320  SCSI  disk  drives 
Starts  at  584GB  /  Scales  to  4.2TB 

From  $5,355* 


Simultaneous  support  of 
heterogeneous  operating 
system  environments  for 
xSeries  and  BladeCenter 
Limited  warranty:  1  year 
on-site3 

IBM  Financing  Advantage 
Only  $147  per  month4 


•All  prices  stated  are  IBM's  estimated  retail  selling  prices  as  of  May  3,  2005.  Prices  may  vary  according  to  configuration.  Resellers  set  their  own  prices,  so  reseller  prices  to  end  users  may 
vary.  Products  are  subject  to  availability.  This  document  was  developed  for  offerings  in  the  United  States.  IBM  may  not  offer  the  products,  features,  or  services  discussed  in  this  document  in 
other  countries.  'IBM  Director  is  not  available  on  TotaiStorage  systems.  :'IBM  Director  must  be  installed.  Telephone  support  may  be  subject  to  additional  charges.  For  on-site  labor  IBM  will 
attempt  to  diagnose  and  resolve  the  problem  remotely  before  sending  a  technician.  IBM  Global  Financing  terms  and  conditions  and  other  restrictions  may  apply.  Monthly  payment  provided 
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TO  THEM  AFTER. 


With  IBM®  Express  Servers  and  Storage™ 
designed  for  mid-sized  businesses,  help  is  here. 

You’ve  already  got  a  zillion  things  that  require  your 
attention -you  shouldn’t  have  to  worry  about  your  systems. 
That’s  why  IBM  Express  products  offer  enhanced  reliability, 
which  helps  them  do  their  job  so  you  can  focus  on  yours. 

Take  IBM  Director,  for  example.1  It  proactively  notifies  you 
of  a  potential  problem -up  to  48  hours  in  advance.  Or  our 
Calibrated  Vectored  Cooling  feature  available  on  select 
xSeries  systems.  It  cools  your  system  more  efficiently. 
This  means  more  features  can  be  packed  into  a  smaller 
server.  Giving  you  more  functionality  and  greater  flexibility. 

It’s  just  an  example  of  our  self-managing  features  that  help 
you  take  back  control  of  your  IT.  Which  can  help  lower 
your  maintenance  costs,  too.  Because  with  IBM  Express 
Servers  and  Storage,  innovation  comes  standard.  It’s  not 
optional.  Plain  and  simple,  it’s  built  in.2 

There’s  also  one  more  great  feature -your  IBM  Business 
Partner.  Which  means  you  can  have  a  one-to-one  chat 
with  someone  who  understands  your  industry  and  your 
business-and  who’s  located  in  your  neck  of  the  woods. 
And  for  mid-sized  businesses,  that’s  really  big  help  in  a 
really  big  way. 
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IBM  TotalStorage  DS400  Express 

With  advanced  functionality,  the  DS400  provides 
an  exceptional  solution  for  work  group  storage 
applications.  It  supports  Intel  Xeon  Processor- 
based  servers  and  offers  Fibre  Channel  drives 
designed  for  high  performance,  and  hot-swap 
Ultra320  SCSI  drives  designed  for  high  reliability. 


System  features 

2GB  Fibre  Channel  storage 
systems  area  network  (SAN) 
3U  rack-mount  entry  level 
Starts  at  584GB  /  Scales  to  5.8TB 

From  $8,495* 


Simultaneous  support  of 
heterogeneous  operating 
system  environments  for 
xSeries  and  BladeCenter 

Limited  warranty:  1  year  on-site3 

IBM  Financing  Advantage 

Only  $234  per  month'1 


is  for  planning  purposes  only  and  may  vary  based  on  customer  credit  and  other  factors.  Rates  and  offerings  are  subiect  to  change,  extension,  or  withdrawal  without  notice.  IBM.  eServer, 
BladeCenter,  xSeries,  TotalStorage,  IBM  Express  Servers  and  Storage,  Enterprise  X-Architecture  and  Xtended  Design  Architecture  are  trademarks  or  registered  trademarks  of  International 
Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Intel,  Intel  Inside,  the  Intel  Inside  logo,  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or 
its  subsidiaries  in  the  United  States  and  other  countries.  Other  company,  product,  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©  2005  IBM  Corporation.  All  rights  reserved. 
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Microsoft  is  getting  into  the  “anti” 
business.  That  is,  the  anti-spyware, 
anti-virus  and,  in  general,  anti-bad 
stuff  business.The  anti  business  is  a  pretty 
good  one —  to  the  tune  of  billions  of  dol¬ 
lars  per  year. The  fact  that  almost  all  of  the 
value  of  the  business  stems  from  the  fact 
that  Microsoft  has  not  been  able  to  get 
security  right  the  first  time  makes 
Microsoft’s  entry  into  the  business  more 
than  a  bit  conflicted. 

According  to  published  reports,  Micro¬ 
soft’s  OneCare  will  be  more  than  just  an 
anti-spyware  and  anti-virus  packag;,  it  will 
be  a  subscription  service  targeted  at  home 


An  inherent  conflict  of  interest 


rather  than  enterprise  users  and  will  pro¬ 
vide  an  auto-update  function,  as  well  as 
protect  against  viruses  and  spyware.  Micro¬ 
soft  plans  to  try  it  out  on  its  employees  in 
the  near  future  but  has  not  announced 
when  the  service  will  be  generally  avail¬ 
able.  Nor  has  the  company  said  how  much 
it  will  cost. 

My  reaction  when  I  first  heard  about  the 
service  was:  “Hey  wait  a  minute.  Microsoft 
caused  this  problem,  so  why  should  its 
customers  have  to  pay  extra  to  fix  it?’  But 
on  second  thought,  because  it  might  actu¬ 
ally  be  technically  or  practically  impossi¬ 
ble  to  fix  the  problem  at  its  source  by  not 
having  so  many  bugs,  charging  to  fix  it 
might  be  the  right  thing  from  a  number  of 
points  of  view: 

•  From  Microsoft’s  point  of  view,  it  would 
be  out  of  character  to  leave  so  much 
money  on  the  table. 

•  From  the  point  of  view  of  the  current 


players  in  the  anti-virus  and  anti-spyware 
game,  having  Microsoft  as  a  competitor  is 
far  better  than  Microsoft  deciding  to  bun¬ 
dle  the  software  into  the  base  operating 
system  like  it  has  so  many  times  before 
with  other  applications. 

•  From  an  antitrust  point  of  view  it  is  not 
clear  that  Microsoft  had  much  choice  than 
to  charge  a  reasonable  amount  if  it  wanted 
to  play  in  this  field.The  company  has  been 
put  on  notice  in  a  number  of  legal  jurisdic¬ 
tions  to  stop  bundling  new  functions  into 
Windows  that  others  already  are  selling. 

But  Microsoft  does  have  some  significant 
advantages,  even  if  it  is  ostensibly  just 
another  competitor.  The  company  will  get 
very  early  word  of  any  new  exploits,  likely 
before  any  of  its  competitors  except  in  the 
case  where  a  competitor  discovers  the  vul¬ 
nerability.  Microsoft  can  add  one  of  its  nag¬ 
ging  pop-up  balloons  reminding  users  that 
they  should  subscribe  to  OneCare  (again 


SEM 

continued  from  page  25 

appeared  a  few  years  ago  with  vendors 
promising  to  take  the  legwork  out  of  col¬ 
lecting  and  making  sense  of  thousands  of 
event  logs  spit  out  of  intrusion-detection 
systems,  firewalls  and  other  devices.  The 


products  typically  consist  of  software, 
servers  and  agents,  or  probe  appliances 
that  collect  logs  from  devices. 

While  the  task  seemed  simple  —  apply 
the  event  collection  and  correlation  tech¬ 
nologies  of  network  and  systems  manage¬ 
ment  tools  to  security  devices  —  the 
products  provided  IT  managers  with 


Oracle 

continued  from  page  25 

Oracle  has  been  heavily  marketing 
Linux  as  a  way  for  its  customers  to 
reduce  costs,  and  the  strategy  appeared 
to  pay  off:  Much  of  Oracle’s  15%  growth 
came  from  sales  of  its  database  on 
Linux,  Gartner  said.  The  Linux  database 
segment  remains  relatively  small  over¬ 
all,  accounting  for  just  $654.8  million  of 
new  license  sales,  but  it  more  than  dou¬ 
bled  from  2003. 

Windows  still  strong 

Database  sales  on  Windows  also  were 
strong,  growing  10%  from  the  previous 
year  to  account  for  $3.1  billion  in  new 
licenses.  Microsoft  grew  its  lead  in  this 
segment,  accounting  for  just  more  than 
half  of  all  license  revenue.  The  gains 
came  despite  the  delays  in  Microsoft’s 
SQL  Server  2005  database,  code  named 
Yukon. 

Microsoft  ended  the  year  with  20%  of 
the  database  market,  or  $1.56  billion  in 
new  license  sales,  up  from  18.7%  in 
2003. 

Gartner’s  figures  do  not  include  main¬ 
tenance  fees,  a  significant  source  of 
database  vendor  revenue. 

New  license  sales  are  considered  a 
good  health  indicator,  however,  as  they 
show  how  much  new  business  a  vendor 
is  attracting. 

Niccolai  is  a  correspondent  with  the 
IDG  News  Service. 


Database  kings 

Worldwide  vendor  revenue  from 
relational  database  software, 
based  on  new  license  sales,  grew 
10.3%  in  2004  from  the  previous 
year.  Much  of  that  growth  was 
spurred  by  Oracle’s  surge,  which 
resulted  in  capturing  a  33.7% 
market  share  in  2004. 


2004  Revenue 
(in  millions) 

Informix 
$110.9 


Oracle 

$2,636 


Sybase 

$178  NCRTeradata 
$230 

Others 
$517.1 


IBM  - 

$2,554 


Microsoft 

$1,561.1 

TOTAL  REVENUE:  $7,787.1 


2003  Revenue 

(in  millions)  Sybase 


Informix 

$134.6 

IBM  — 
$2,384.2 


Oracle 

$2,299.3 


SOURCE:  GARTNER 


$177.2  NCRTeradata 
$183.6 

Others 
$545.4 


Microsoft 
$1,323 

TOTAL  REVENUE:  $7,050 


much-needed  respite  from  poring  over 
log  data. 

“We  were  literally  overwhelmed  with 
security  data  and  information.  We  were 
seeing  1,200  events  per  second  from  our 
firewalls  alone,”  says  Sean  Curry,  infra¬ 
structure  engineering  manager  at 
Calpine,  an  independent  power  producer 
with  102  sites  across  the  country  and 
headquarters  in  San  Jose.“We  had  six  fire¬ 
walls  that  produced  60  gigabytes  of  log 
data  per  day  —  each.  It  was  difficult  to 
back  up,  difficult  to  compress  quickly,  dif¬ 
ficult  to  use  for  reports.” 

About  18  months  ago,  Curry  installed  an 
appliance  from  SEM  vendor  Network  In¬ 
telligence  to  get  a  handle  on  the  logs  and 
to  more  easily  generate  reports,  which 
had  become  more  in  demand  because  of 
the  company’s  internal  IT  governance  ini¬ 
tiatives.  He  says  while  the  product  was 
used  initially  as  a  tool  to  reduce  manual 
labor  and  better  manage  log  data,  it  now 
helps  Calpine  stay  in  compliance. 

“We  are  in  the  second  phase  of  [the 
Sarbanes-Oxley  Act] ,  and  it  has  given  us 
the  ability  to  prove  we  have  a  segregation 
of  duties  because  of  the  data  it  collects.  It 
also  makes  getting  reports  to  non-techni- 
cal  people  easier,  “  Curry  says. 

Vendor  parade 

As  companies  face  compliance  chal¬ 
lenges,  security  management  vendors  are 
adding  out-of-the-box  reporting  tools  to 
help  ease  the  process.  Companies  such  as 
ArcSight,  eSecurity  Network  Intelligence 
and  elQNetworks  this  year  have  separate¬ 
ly  released  products  specific  to  reporting 
on  compliance  regulations  such  as  the 
Health  Insurance  Portability  and 
Accountability  Act  (HIPAA),  Sarbox  and 
the  Gramm-Leach-Bliley  Act.  The  tools 
generally  provide  report  templates  specif¬ 
ic  to  regulations,  which  helps  IT  managers 
automatically  generate  detailed  compli¬ 
ance  reports. 

Rick  Casteel’s  purchase  of  TriGeo  tech- 
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and  again  and  again.  .  The  company 
does  not  have  to  do  more  than  appear  to 
break  even  on  OneCare  to  have  a  cred¬ 
itable  antitrust  defense  story,  and  thus 
might  be  able  to  undercut  competitors  that 
actually  have  to  try  to  make  a  profit.  It’s  eas¬ 
ier  for  Microsoft  to  figure  out  how  to  inte¬ 
grate  into  Windows  and,  in  particular,  future 
versions  of  Windows. 

Then  there  is  the  advantage  of  being  able 
to  delay  fixing  underlying  bugs  to  encour¬ 
age  sales  of  OneCare  —  but  Microsoft 
would  never  do  that. 

Disclaimer:  Delaying  graduations  would 
not  be  all  that  good  a  sales  tool  for  Harvard 
anyway  as  far  as  I  know.  The  university  has 
not  expressed  an  opinion  on  this  topic, 
thus  the  above  opinion  must  be  mine. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com. 


nology  centered  on  ongoing  HIPAA  com¬ 
pliance,  but  he  says  the  tool  has  evolved 
to  automate  security  remediation  tasks. 
The  vice  president  of  information  security 
at  Upper  Chesapeake  Health  System,  a 
healthcare  provider  for  Hartford  County 
in  Bel  Air,  Md.,  says  the  TriGeo  software 
helps  him  monitor  some  30  servers  and 
600  client  machines  for  malicious  activity 
investigate  port  scans  and  track  malicious 
behavior.  More  important  to  HIPAA, 
though,  are  the  automation  features  that 
Casteel  says  TriGeo  provides. 

“HIPAA  requires  us  to  prove  a  business 
continuity  planning,  v/hich  means  we 
have  to  prove  that  no  matter  what  we 
can  keep  services  running,”  Casteel 
explains.  He  says  TriGeo  notifies  the  IT 
team  of  events  that  could  affect  its 
HIPAA  compliance  and  automatically 
generates  trouble  tickets  to  the  help 
desk  before  a  user  notices  the  problem. 
“We  can  be  paged  that  the  service  has 
stopped,  set  a  rule  that  if  this  happens 
then  restart  the  service,  and  the  software 
does  it  automatically” 

As  SEM  vendors  continue  to  tap  cus¬ 
tomers’  compliance  concerns,  Yankee 
Group’s  Hamilton  says  enterprise  scalabil¬ 
ity  and  storage  capabilities  will  hold  some 
back.  He  also  warns  the  technology  — 
and  the  smaller  niche  companies  —  will 
become  acquisition  targets  for  vendors 
such  as  HP  and  IBM  that  have  begun 
promising  to  help  IT  departments  get  a 
better  handle  on  IT  controls  and  policies. 
Hamilton  expects  to  see  the  technology 
serve  as  a  cornerstone  for  vendors’  IT  gov¬ 
ernance  strategies. 

“Security  management  vendors  have 
gotten  a  lot  of  attention  in  the  enterprise 
market  because  of  the  present  state  of 
urgency  over  compliance,”  Hamilton  says. 
“But  the  value  of  the  technology  is  much 
broader  and  will  be  about  putting  defined 
IT  controls  in  place  and  constantly  moni¬ 
toring  those  controls.  Compliance  is  just 
one  piece  of  that.’’B 
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The  privacy  challenge 


EYE  ON  THE 
CARRIERS 

Johna  Till 
Johnson 


Here’s  a  new  item  for  your  to-do  list: 
Craft  a  data  privacy  architecture  for 
your  organization. 

Last  week’s  column  closed  with  a  quote 
from  Bruce  Schneier,  noted  cryptographer 
and  security  gum,  about  the  challenges  of 
ensuring  privacy  in  the  Information  Age.  It’s 
a  nontrivial  issue:  Many  key  U.S.  privacy 
laws  predate  the  Internet,  and  courts  have 
been  contradictory  at  best  when  it  comes 
to  interpreting  them  in  the  context  of  elec¬ 
tronic  communications  and  presence 
technologies. 

Moreover,  although  several  regulations 
collectively  govern  data  privacy  and  identi¬ 
ty-information  management  in  different 
geographies  and  industries,  the  U.S.  (unlike 
Canada,  the  European  Union  and  Japan) 
lacks  an  overall  framework  setting  out  the 
principles  of  privacy  for  all  citizens. 

This  means  that  creating  a  data  privacy 
architecture  that  passes  regulatory  muster 
is  a  major  challenge.  For  one  thing,  you 
might  not  be  aware  of  regulations  that 
apply  to  your  organization,  as  this  hap¬ 
pened  to  an  IT  executive  I  spoke  with 
recently  The  CTO  for  a  large  university  in 
the  Midwest,  he  was  well  aware  of  the 
Family  Education  Rights  and  Privacy  Act 
(FERPA),  which  protects  the  privacy  of  stu¬ 
dent  records.  But  he  hadn’t  been  following 
California  Database  Security  Breach  1386, 
which  requires  prompt  notification  of  any 
privacy  breaches  affecting  California  citi¬ 
zens.  The  lapse  is  understandable,  given 
that  all  university  employees  and  faculty 
reside  several  states  away  from  California. 

But  guess  what?  Many  of  his  students  are 
California  residents,  and  therefore  fall 
under  the  purview  of  CA  SB  1386.  That 
means  this  CTO  has  two  choices:  Ensure 
his  school’s  overall  privacy-notification 
process  is  up  to  California  standards,  or 
treat  the  California  students  separately. 
Naturally,  he’s  going  with  the  former. 

For  IT  execs,  the  action  items  are  clear. 
The  first  step  is  to  educate  yourself. 
Healthcare  organizations  already  know  all 
about  the  Health  Insurance  Portability  and 
Accountability  Act  (HIPAA),  and  financial 
firms  are  all  over  Gramm-Leach-Bliley 


(GLB),  which  respectively  mandate  the  pri¬ 
vacy  of  individual  healthcare  and  financial 
data. 

But  don’t  assume  that  because  you’re  up 
to  snuff  on  HIPAA  and  GLB  you’ve  got 
chapter  and  verse  on  privacy  As  noted,  CA 
SB  1386  affects  you  if  you  have  employees 
or  customers  who  are  California  residents 
—  which  these  days,  includes  practically 
everybody.  Then  there’s  the  Fair  and 
Accurate  Credit  Transactions  Act  (FACTA), 
which  requires  companies  to  raise  red 
flags  if  customers  have  potentially  been 
victimized  by  identity  theft;  and  it  applies 
to  any  financial  agency  that  stores  and 
uses  credit  reports.  If  you  have  customers, 
employees  or  business  partners  outside 
the  U.S.,  get  up  to  speed  on  Canada’s 
Personal  Information  Protection  and 
Electronic  Documents  Act  (PIPEDA), 
Europe’s  EU  Directive  95/46  and  Japan’s 
Personal  Information  Protection  Act. 

You  get  the  idea.  Make  sure  your  organi¬ 
zation  is  up  to  speed  on  all  the  relevant 
rules  and  regulations.  But  don’t  stop  there. 
Once  you’ve  figured  out  what  directives  to 
comply  with,  you  need  to  define  the  poli¬ 
cies  and  processes  to  execute  your  privacy 
strategy  —  and  determine  who  to  task  with 
the  challenge.  Finally  you’ll  want  to  assess 
the  tools  and  technologies  that  can  help. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research ,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


Qwest  adds  breadth  to 
iQ  WAN  services 


■  BY  JIM  DUFFY 

Qwest  has  added  several  features  to  its 
iQ  Networking  MPLS-based  global  WAN 
services  that  are  designed  to  expand 
access  options  and  reduce  costs. 

Qwest  introduced  iQ  Networking  more 
than  a  year  ago  as  a  set  of  bundled  man¬ 
aged  or  unmanaged  data  services  offerings 
that  combine  Voipfirewall,  intrusion  detec¬ 
tion,  remote  access  and  hosting  services. 
Customers  select  a  certain  QoS  level,  as 
well  as  port  speed  and  access  type. 

The  features  include  international  IP- 
enabled  frame  relay  and  ATM  access  to 
customers’  domestic  Qwest  iQ  Networking 
WAN.  Another  is  support  for  IP  interfaces 
into  ATM  and  frame  relay  customers’  envi¬ 
ronments.  With  this  feature,  customers  can 
continue  to  use  their  current  networks 
while  adding  iQ  Networking  services. 

Another  addition  is  called  “frame  part¬ 
ner”  access  in  Qwest  and  other  service 
provider  regions.  This  lets  customers 
access  Qwest  iQ  Networking  services  via 
Qwest  frame  relay  networks  and  those  of 
Qwest’s  partners,  and  is  designed  to  elimi¬ 
nate  the  expense  of  equipment  upgrades. 

The  Qwest  service  also  now  supports 
inverse  multiplexing  over  ATM,  which  lets 
customers  fill  bandwidth  gaps  between 
DS-1  and  DS-3.The  last  addition  is  denial-of- 
service  attack  protection. 
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Increasing  your  iQ 

Additions  to  Qwest’s  iQ  Networking 
enterprise  service  suite  include 

• 

International  IP-enabled  frame 
relay  and  ATM  access. 

• 

IP  access  into  ATM  and  frame  relay 
networks. 

• 

Frame  relay  access  to  iQ 

Networking  services. 

• 

Inverse  multiplexing  over  ATM. 

• 

L _ 

Denial-of-service  attack  protection. 

_ A 

The  rationale  for  Qwest  iQ  Networking  is 
that  customer-buying  behavior  is  shifting 
from  technology  selection  toward  end-to- 
end  WAN  services  that  support  business 
applications.  As  a  result,  companies  do  not 
want  to  sign  separate  contracts  with  dis¬ 
tinct  SLAs  for  the  various  access  services. 

With  Qwest  iQ  Networking,  customers 
sign  one  contract  for  a  bundle  of  services 
accessible  from  various  access  technolo¬ 
gies  with  end-to-end  performance  guaran¬ 
tees,  regardless  of  access  or  egress  service. 

Qwest  iQ  Networking  competes  with 
MCI’s  Private  IP  and  AT&T’s  IP-Enabled 
Frame  Relay/ ATM  VPN  offerings,  which  are 
also  enabled  by  MPLS.B 


Sprint  wireless  users  get  location  services 


■  BY  DENISE  PAPPALARDO 

Sprint  recently  launched  its  first  location- 
based  wireless  service  for  business  users. 

Called  Business  Mobility  Framework,  the 
service  lets  users  locate  and  track  assets 
and  employees.  The  carrier  is  using 
Microsoft’s  MapPoint  Location  Server  soft¬ 
ware  to  support  the  service. 

“The  platform  gives  a  lot  of  power  to 
enterprises  to  communicate  with  their 
mobile  workforce,”  says  Barry  Tishgart, 
senior  director  of  wireless  product  man¬ 
agement  at  Sprint.The  service  is  well  suited 
for  field  service  automation,  field  force, 
fleet  and  asset  management,  he  says.  For 
example,  a  plumbing  company  could 
more  strategically  divvy  up  emergency 
calls  among  its  field  service  staff  by  easily 


seeing  which  employee  is  geographically 
closest  to  the  next  job. 

Schnuck  Markets,  a  chain  of  grocery 
stores  in  St.  Louis,  uses  the  service  to  man¬ 
age  100  trucks  and  streamline  local  deliv¬ 
eries.  Schnuck  Markets  also  teamed  with 
application  developer  Agilis  Systems  to  put 
together  a  new  distribution  system  that  is 
completely  paper  free. 

Business  Mobility  Framework  includes 
features  such  as  presence,  which  tells  a  net¬ 
work  manager  if  a  mobile  device  is  on  or 
off;  cell  sector  location,  which  provides  the 
latitude  and  longitude  of  a  mobile  device; 
alerts  that  are  used  to  send  text  messages 
to  mobile  devices;  voice  alerts  where  the 
application  server  calls  any  phone  and 
plays  a  message  using  text-to-speech  tech¬ 
nology;  and,  location  notifications,  which 


are  sent  to  the  application  server  when 
mobile  devices  cross  a  specified  geograph¬ 
ic  boundary. 

Bell  Mobility  in  Canada  is  believed  to  be 
the  only  other  service  provider  in  North 
America  offering  location-based  services 
(www.networkworld.com,  DocFmder: 
7330).  The  Canadian  service  provider  is 
also  using  MapFbint  Location  Server  soft¬ 
ware  to  support  its  service. 

Sprint’s  location-based  service  is  avail 
able  for  a  one-time  set-up  fee  of  $1,000 
which  the  carrier  says  it  is  waiving  for  a 
short  time.  The  monthly  service  charge  is 
based  on  the  number  of  transactions  per 
month.  Users  can  buy  buckets  of  transac¬ 
tions  for  a  flat  fee,  Tishgart  says.  For  exam¬ 
ple  5,000  transactions  costs  $100  per 
month.  ■ 


HOW  MANY  PEOPLE  DOES 
TO  SUPPORT  A  SINGLE 

(THAT’S  TOO  MANY. ) 


With  IBM®  Express  Servers  and  Storage™  designed  for 
mid-sized  businesses,  help  is  here. 


Servers  should  support  a  business,  not  the  other  way  around. 
That’s  why  IBM  Express  Servers  have  self-managing  features:  so 
that  our  servers  can  virtually  run  themselves.  What’s  more,  with 
IBM  Express  Servers  and  Storage,  innovation  comes  standard. 
Take  the  OpenPower™  710  Express,  for  instance.  It’s  specially 
tuned  for  Linux®  and  offers  the  reliability  of  POWER5™  technology 
at  a  surprisingly  low  price.’ 
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Tuned  for  Linux 

IBM  eServer  OpenPower  710  Express 


System  features 

Increase  computing  power,  availability  and  scalability 
in  a  rack  dense  environment 


And  while  you  can’t  be  in  two  places  at  the  same  time,  you  might 
want  to  look  into  the  innovative  server  feature  that  can.  For  example, 
the  remarkable  Advanced  POWER™  Virtualization  option  -  it  lets 
one  OpenPower  710  Express  act  as  many  virtual  ones. 

On  top  of  that  there’s  IBM  TotalStorage®  products,  which  offer  a  wide 
range  of  disk,  tape,  and  storage  software  solutions  -  so  you  can 
choose  the  right  options  to  meet  the  growing  needs  of  your  company. 

There’s  also  one  more  great  feature  -  your  IBM  Business  Partner. 
Which  means  you  can  talk  to  someone  who  understands  your 
industry  and  your  business  -  and  who’s  located  in  your  neck  of  the 
woods.  And  for  mid-sized  businesses,  that’s  really  big  help  in  a 
really  big  way. 
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Ideal  for  consolidation  of  infrastructure  workloads 
(Web  serving,  file,  print,  security  applications) 

Robust  64-bit  mainframe-inspired  POWER5  systems 

2-way  19”  rack  server 

Up  to  32GB  of  memory 

Optional  Advanced  POWER  Virtualization1 

DB2®  Express  Discover  CD 

Limited  warranty:  up  to  3  years  on-site2 

From  $4, A* 

IBM  Financing  Advantage 

Only  $124  per  month3 


’All  prices  stated  are  IBM's  estimated  retail  selling  prices  that  were  correct  as  of  May  6,  2005.  Prices  may  vary  according  to  configuration.  Resellers  set  their  own  prices,  so  reseller  . 
prices  to  end  users  may  vary.  Offers  are  for  business  customers  only  and  are  subject  to  availability.  This  document  was  developed  for  offerings  in  the  United  States.  IBM  may  not  offer 
the  products,  features,  or  services  discussed  in  this  document  in  other  countries.  ’The  Linux  operating  system  for  the  OpenPower  710  Express  must  be  purchased  separately.  Price 
does  not  include  virtualization  option,  telephone  support  may  be  subject  to  additional  charges.  For  on-site  labor,  IBM  will  attempt  to  diagnose  and  resolve  the  problem  remotely  before 
sending  a  technician.  3IBM  Globa!  Financing  terms  and  conditions,  and  other  restrictions  may  apply.  Monthly  payments  provided  are  for  planning  purposes  only  and  may  vary  based 
on  customer  credit  and  other  factors.  Rates  and  offerings  are  subject  to  change,  extension  or  withdrawal  without  notice.  “Customer  Replaceable  Unit  (CRU)  service  is  available  in  most  ■ 


IBM  TotalStorage' 


IT  TAKE 
SYSTEM? 


Simplify  storage  management  to  improve  productivity 


IBM  TotalStorage  3580  Express 

The  3580  Express  helps 
address  your  growing  storage 
requirements  and  the 
problem  of  shrinking  backup 
windows.  It  supports  cost- 
effective  backup,  save  and 
restore,  and  data  archiving. 

System  features 

Built  on  Ultrium®  3  technology 

Read/write  compatible  with 
cartridges  written  by 
Ultrium  2  drives 

Read  compatible  with 
Ultrium  1  cartridges 

Up  to  400GB  cartridge  capacity. 
Up  to  800GB  with 
2  to  1  compression 

Limited  warranty:  3  years4 
From  $5,850* 

IBM  Financing  Advantage 

Only  $167  per  month3 


IBM  TotalStorage  DS4300  Express5 

With  a  scalable  design,  the 
DS4300  Express  is  designed 
to  provide  a  reliable  and 
affordable  storage  option  to 
help  simplify  your  data 
management  needs. 

System  features 

2GB  Fibre  Channel  SAN-ready 
3U  rack  mount  entry  level 
Scales  to  33.6TB 

Supports  up  to  112  Fibre  Channel 
disk  drives  -  with  optional 
EXP710  expansion  units6 

Heterogeneous  OS  support 

Limited  warranty:  3  years  on-site? 

From  $8,655* 

IBM  Financing  Advantage 
Only  $238  per  month3 
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HELP  FOR  ANY  SIZE  PROBLEM 

countries.  sGeneral  product  availability  of  IBM  TotalStorage  DS4300  Express  is  expected  to  be  6/17/05.  SEXP710  expansion  unit  is  not  included  in  the  price.  MB,  GB  and  TB  equal 
1,000,000.  1.000,000,000  and  1,000,000,000,000  bytes,  respectively,  where  referring  to  storage  capacity.  Actual  storage  capacity  will  vary  based  upon  many  factors  and  may  be  less 
than  stated.  Some  numbers  for  storage  capacity  are  given  in  native  mode  followed  by  capacity  using  data  compression  technology.  IBM,  eServer,  POWER5.  OpenPower,  IBM  Express 
Servers  and  Storage.  DB2,  POWER  and  IBM  TotalStorage  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other 
countries.  Linux  is  a  registered  trademark  of  Linus  Torvalds  in  the  United  States  and  other  countries.  Linear  Tape-Open,  LTO.  and  Ultrium  are  trademarks  of  Certance,  HP  and  IBM  in 
the  U.S.  and  other  countries.  Other  company,  product,  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©2005  IBM  Corporation.  All  rights  reserved. 
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High  Availability  & 
Reliability 

•  Resilient  switching  and  routing  foundation 

•  Global  load  balancing  for  multi-site 
scalability  and  survivability 

•  Link  aggregation 

•  Rapid  and  stateful  session  failover 

•  RSTP,  VRRP  for  switch  and  router 
redundancy 

•  Redundant  power  supplies 

SECURITY 

•  DoS  protection  up  to  4  million  SYN/sec 

•  Wire-speed  ACLs 

•  Application  rate  limiting 

•  Secure  device  management 

•  sFlow  traffic  monitoring 


Rich  Features 

•  Intelligent  content  switching  using 
URL,  HTTP,  XML,  cookies,  SSL 
ID  and  others 

•  IP  NAT 

•  RIPv2,  OSPF  routing 


FLEXIBILITY  & 

Manageability 

•  In-line,  one-ARM  and  Direct  Server 
Return  modes 

•  Web,  SNMP,  INM  and  Cisco-like  CLI 


superior  performance 

•  Up  to  140,000  L4  connections/sec 

•  Application  throughput  from  2  to  1 2  Gbps 

•  Wire-speed  Layer  2/3  forwarding 

•  Scalable  processor  performance 

SCALABILITY  & 

Expandability 

•  Port  expansion  to: 

•  48  Gigabit  Ethernet 

•  48  10/100  Mbps  Ethernet 

•  4  1 0-Gigabit  Ethernet 
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Uptime,  scalability,  performance 
and  security  are  the  watchwords 
for  your  network.The  Serverlron® 
application  switch  is  designed  for 
this  environment.  Its  advanced 
switch-based  architecture 
features  a  scalable  content 
switching  engine  with  hardware- 
based  DoS  protection  delivering 
the  industry’s  most  powerful 
and  secure  application 
switching  solution. 


r 

P0  Appliances  Cannot  Match  the 
Power  and  Flexibility  of  the  Ss/i/af  J/Xiil 

SERVERlRON  PC  APPLIANCES  | 

PERFORMANCE  UPGRADEABILITY 

X 

IN-SERVICE  PORT  EXPANDABILITY 

X 

lO-GE  SUPPORT,  >10  GPBS  THROUGHPUT 

X 

HIGH-DENSITY  DIRECT  SERVER  FAN-OUT 

X 

HARDWARE-BASED  CONNECTION 

MANAGEMENT  AND  DOS  PROTECTION 

X 

WIRE-SPEED  L2/L3  FORWARDING  AND  ACLS 

X 

FOUNDRY 

NETWORKS 

The  Power  of  Performance  ™ 


The  Serverirdn 
Family  of  Products 
Also  Includes: 


SERVERlRON  450  AND  B5D 


Server  l  ronxl 


Foundry  Networks,  Inc.  is  a  leading  provider  of  high-performance  Enterprise  and  Service  Provider  switching,  routing  and  Web  traffic  management  solutions 
including  Layer  2/3  LAN  switches,  Layer  3  Backbone  switches,  Layer  4-7  Web  switches,  wireless  LAN  and  access  points,  access  routers  and  Metro  routers. 


FOR  MORE  INFORMATION  PLEASE  CALL:  US/CANADA  1  SSS  TURBOLAN, 
INTERNATIONAL  +1  40B.5S6.1700  OR  VISIT  OUR  WEBSITE  AT  WWW.FOUNDRYNET.COM/SIE 
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FAIS  spurs  storage  applications 


HOW  IT  WORKS 


In- 

ID 

FAIS 

For  high  performance,  storage 
applications  handle  control-plane 
functions  and  delegate  data-path 
functions  to  SAN.  Fabric  Application 
Interface  Standard  (FAIS)  defines  an  API 
to  link  the  functions. 
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O  Storage  application  provides  a  multitude  of  functions,  including  volume  management 
and  data  migration. 

©  The  intelligent  SAN  platform  is  configured  by  the  storage  application  and  processes 
I/Os  in  hardware,  thus  providing  high  performance.  The  platform  also  communicates 
all  fabric  events  back  to  the  storage  application  using  FAIS-based  interfaces. 

©  FAIS  defines  interfaces  such  as  function  calls  and  events  to  support  multiple  services, 
including  front-end,  virtualization  and  back-end  services. 


■  BY  RANGA  BAKTHAVATHSALAM  AND 
CLAUDIO  DESANTI 

A  new  generation  of  storage  volume  man¬ 
agement  and  data-movement  applications 
are  moving  from  servers  and  storage  sub¬ 
systems  into  networks  to  enable  centralized 
management  and  more-scalable  storage- 
area  network  architectures.  To  achieve  the 
required  level  of  performance,  fabric-based 
storage  applications  are  split  into  hardware- 
accelerated  functions  (data  path)  and  non¬ 
hardware-accelerated  functions  (control 
path).  Hardware-accelerated  functions  are 
offloaded  to  intelligent  SAN  platforms  such 
as  switches  or  storage  appliances.  But  the 
storage  applications  and  intelligent  SAN 
platforms  use  proprietary  APIs,  limiting 
migration  between  vendor  platforms. 

To  ensure  smooth  implementation  of 
intelligent  SAN  infrastructures,  the  T11.5 
Task  Group  of  the  ANSI  T1 1  Committee  cre¬ 
ated  a  working  group  to  define  a  standard 
API  between  control-path  and  data-path 
functions  implemented  in  storage  manage¬ 
ment  applications  and  intelligent  SAN  plat¬ 
forms.  Fabric  Application  Interface  Stand¬ 
ard  (FAIS)  should  accelerate  product  de¬ 
velopment  and  give  users  more  choices. 

Splitting  control-path  functions  from  data¬ 
path  functions  lets  the  storage  and  data 
management  applications  delegate  pro¬ 
cessing  of  all  data-path  functions  to  the 
intelligent  SAN  platforms,  while  maintain¬ 
ing  the  control-plane  functions.  By  provid¬ 
ing  the  required  processing  capabilities, 
intelligent  SAN  platforms  are  paving  the 
way  for  network-based  deployment  of  stor¬ 
age  and  data  management  applications. 

FAIS  is  based  on  a  client/server  model, 
where  the  storage  application  acts  as  the 
client  and  the  intelligent  SAN  platform  acts 


as  the  server.  This  decou¬ 
ples  the  implementation 
intricacies  of  intelligent 
SAN  platforms  from  the 
development  of  storage 
applications. 

FAIS  provides  the  API  to 
access  the  data-plane 
functionality  an  intelligent 
platform  supports.The  API 
is  built  on  an  object 
model,  where  various  stor¬ 
age  elements  are  repre¬ 
sented  as  managed  ob¬ 
jects.  For  example,  SCSI  ini¬ 
tiator,  SCSI  target,  logical 
units  and  their  virtualized 
counterparts  are  modeled 
as  objects.  The  storage 
application  and  the  intelli¬ 
gent  SAN  platform  interact 
by  exchanging  informa¬ 
tion  through  these 
objects.  By  standardizing 
the  data  structures  for  the 
various  objects  and  the 
functions  to  access  them, 

FAIS  provides  a  high  level 
of  independence  from  the 
implementation  specifics 
of  an  intelligent  platform. 

FAIS  will  define: 

•  Operational  model 
(client/server  model). 

•  Object  model  (storage 
elements  as  objects)  and  object  defini¬ 
tions. 

•  Function  calls  (API)  to  interact  with  the 
defined  objects. 

•  Software  structures  (libraries)  and  be¬ 
havior  (synchronous  and  asynchronous 
modes). 


FAIS  will  enable  the  storage  applications 
to  use  a  standard  API  to  perform  all  the 
functions  of  a  SCSI  initiator  and/or  a  SCSI 
target.  It  also  will  enable  high-availability 
configurations  and  management  of  the  I/O 
acceleration  functionality  supported  by 
the  intelligent  SAN  platforms. 


Services  supported  by  APIs 
include: 

•  Front-end  services:  For  pro¬ 
cessing  requests  and  events 
that  arrive  at  the  FAIS  platform 
from  the  front  end  such  as  SCSI 
discovery. 

•  Virtualization  services:  For 
volume  management,  including 
storage  pooling,  the  ability  to 
control  and  manage  access  per¬ 
mission  on  independent  vol¬ 
umes  and  the  ability  to  imple¬ 
ment  other  key  storage  functions 
such  as  mirroring  and  striping. 

•  Back-end  services:  For  discov¬ 
ery  and  management  of  storage 
resources  connected  to  the  back 
end  of  the  FAIS  platform,  which 
includes  issuing  commands  to 
these  devices,  and  handling 
errors  and  events  received  from 
them. 

The  working  group  develop¬ 
ing  the  FAIS  standard  expects 
to  release  a  first  draft  of  the 
specification  during  the  sec¬ 
ond  half  of  this  year.  The  stan¬ 
dard  should  significantly  speed 
the  deployment  of  storage 
applications  in  the  fabric  and 
give  users  a  wider  choice  of 
intelligent  SAN  platforms  and 
applications. 


Bakthavathsalam  is  product  manager  for 
Aarohi  Communications  and  DeSanti  is 
technical  leader  of  Cisco’s  Storage  Tech¬ 
nology  Group  and  chairman  of  the  TILS 
FAIS  Working  Group.  They  can  be  reached  at 
ranga@aarohi.net  and  cds@cisco.com, 
respectively. 


Ask 


Dri  Internet  By  Steve  Blass 

We're  looking  to  benchmark  how  other  companies 
manage  sequential  assignment  of  media  access 
control  addresses  across  multiple  manufacturing 
stations  and  facilities.  Can  you  give  us  any  help? 

Information  on  the  actual  manufacturing  process¬ 
es  might  be  difficult  to  find.  The  hardware  address¬ 
es  built  into  network  devices  are  administered  by 
the  IEEE  and  assigned  to  manufacturers  in  blocks. 
The  48-bit  MAC  address  is  being  replaced  by  the 


64-bit  E U I -64  identifier,  See  ww.networkworld.com, 
DocFinder:  7331  for  the  “Guidelines  for  64-bit 
Global  Identifier  (EUI-64)  Registration  Authority" 
as  well  as  additional  hardware  address  guideline 
information.  A  manufacturing  process  portal  at 
www.processonline.com.au  may  be  helpful.  The 
best  exposition  I  could  find  is  an  application  note 
from  Maxim-IC  about  how  to  use  its  1-Wire 
addresses.  A  white  paper  on  the  overall  problem 
offers  three  different  approaches.  The  EUI-64  iden¬ 


tifier  components  containing  hardware  addresses 
for  inclusion  in  other  devices  also  can  be  pur¬ 
chased,  but  that  begs  the  question  of  how- 
addresses  are  assigned  to  those  components.  You 
might  have  to  cold-call  Ethernet  manufacturers 
and  ask  if  they  want  to  explain  it. 

Blass,  a  network  architect  at  Change@Work  in 
Houston,  can  be  reached  at  dr.internet@changeat- 
work.com. 
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751,075,200  seconds  after  the  PC  launch 


GEARHEAD 

inside  THE 

NETWORK 

MACHINE 

Mark 

Gibbs 


Today,  it  is  exactly  23  years,  nine 
months,  19  days;  or  8,693  days;  or 
751,075,200  seconds;  or  12,517,920 
minutes;  or  208,632  hours;  or  just  less  than 
1,241  weeks  since  the  launch  of  the  origi¬ 
nal  IBM  PC  on  Aug.  12,  1981.  For  those  of 
you  who  might  prefer  the  metric  system, 
this  is,  of  course,  equivalent  to  42.42  liters  or 
2,000  kilometers  per  femtosecond  if  we 
ignore  leap  years. 

A  wonderful  service  on  timeanddate.com 
told  us  so.  This  site  provides  a  number  of 
almost  useful  calculators  that  determine 
such  timely  things  as  the  duration  between 
two  dates,  or  when  alternative  birthdays 
(such  as  when  you  are  1  billion  seconds 
old)  will  occur. 

Other  than  providing  you  with  yet  anoth¬ 
er  site  on  which  to  waste  your  highly  valu¬ 
able  time  when  you  should  be  doing  far 
more  productive  things,  we  bring  this  up  as 
a  fairly  thin,  albeit  not  completely  uninter¬ 
esting  way  for  us  to  note  how  far  PCs  have 
come  in  the  short  time  since  their  launch. 


And  what  brought  this  ooh-ah  moment 
home  for  us  was  receiving  a  fantastic  new 
book  titled  The  Linux  Enterprise  Cluster  by 
Karl  Kopper  (DocFinder  7335). 

The  Linux  Enterprise  Cluster  is  a  how-to 
book  and  explains  how  to  convert  two  or 
more  PCs  into  a  high-reliability  high-avail- 
ability  cluster  based  on  Linux  and  inexpen¬ 
sive  hardware  using  free  and  mainly  open 
source  software  —  what  would  have  been 
an  unthinkable  configuration  back  when 
mainframes  ruled  the  earth. 

Exploring  clusters 

The  book  starts  by  exploring  what  is 
meant  when  we  talk  about  a  cluster  and 
offers  the  definition  of  a  system  that  can  be 
used  as“a  single  computing  resource” using 
“a  local  computing  system  comprising  a  set 
of  independent  computers  and  a  network 
interconnecting  them.” 

Key  to  the  concept  is  that  a  cluster  must 
not  have  a  single  point  of  failure.  Should 
any  of  the  individual  computers  in  the  clus¬ 
ter  (the  “nodes”)  fail,  there  must  not  be  a 
failure  of  any  service  provided  by  the  clus¬ 
ter.  This  means  that  any  node  in  the  cluster 
can  fail  and  be  rebooted  without  users  of 
the  cluster  being  aware  of  the  events. 

This  leads  to  the  four  basic  properties  of  a 
cluster,  which  are  all  about  what  we  could 


quite  reasonably  call  “transparency”: 

•  Users  accessing  cluster  services  don’t 
know  that  they  are  using  a  cluster. 

•  Nodes  that  comprise  the  cluster  don’t 
need  to  be  aware  that  they  are  part  of  a 
cluster. 

•  Applications  running  on  nodes  don’t 
need  to  know  they  are  running  in  a  cluster 
environment. 

•  Servers  that  are  not  part  of  the  cluster 
don’t  need  to  know  when  they  are  provid¬ 
ing  services  to  nodes  in  a  cluster. 

The  basic  architectural  elements  of  a 
cluster  are  a  load  balancer,  shared  data 
storage  and  output  devices.  The  load  bal¬ 
ancer  sits  between  the  nodes  and  the  users 
and  distributes  the  incoming  workload  to 
the  node  services.The  shared  data  storage 
must  support  lock  arbitration  to  ensure 
exclusive  access  for  each  process  to  items 
(files,  blocks  or  bytes,  as  required)  in  the 
file  system.The  final  basic  architectural  ele¬ 
ment,  output  devices,  covers  printers,  fax 
lines,  and  so  on. 

To  manage  a  cluster,  we  can  have  one 
more  optional  architectural  element,  a 
Cluster  Node  Manager.  The  cluster  node 
manager  can  provide  an  application  license 
service  —  a  centralized  user  database  and  a 
performance-monitoring  console. 

Building  a  true  enterprise-class  cluster  sys¬ 


tem  is  obviously  quite  a  complex  and  chal¬ 
lenging  task.  The  book’s  approach  is  to  use 
a  number  of  readily  available  subsystems. 
These  subsystems  include  server  data  syn¬ 
chronization  using  the  rsync  package; 
failover  management  using  the  open 
source  Heartbeat  software  (DocFinder: 
7336),  which  includes  Stonith  (which 
stands  for  “Shoot  The  Other  Node  In  The 
Head”  —  DocFinder:  7337)  to  ensure  a 
failed  system  is  really  dead;  the  Linux 
Virtual  Server  project  kernel  patches  to 
enable  load  balancing  (DocFinder  7338); 
and  the  Ganglia  package  (DocFinder: 
7339)  for  collecting  and  displaying  node 
and  cluster  performance  statistics. 

This  book  is  fascinating,  and  while  it  is 
quite  technical  in  places,  it  also  explains 
the  topics  clearly  enough  for  those  not 
quite  so  familiar  with  Linux  to  develop  an 
understanding  of  what  a  cluster  is. 

Over  the  next  week  or  two,  we’ll  look  at 
some  of  these  subsystems  and  how  they 
work.  Maybe  we’ll  even  try  to  get  a  test  clus¬ 
ter  running  under  VMware.  Will  the  fun 
never  end? 

Gather  or  cluster  round  at  gearhead @ 
gibbs.com  or  comment  on  Gearblog 
( www.networkworld.com/weblogs/ 
gearblog). 


CoolToo 

Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Garry  digital  photos  in  your  pocket 


Giving  new  meaning  to  the  concept  of  wallet-sized  pho¬ 
tos,  Kodak  has  released  its  EasyShare  Picture  Viewer,  a  cred¬ 
it-card-sized  digital  photo  album  that  stores  up  to  150  digi¬ 
tal  photos  (internal  memory 
of  32M  bytes)  and  displays 
them  on  a  2.5-inch  LCD 
screen.The  $150  device 
weighs  2.4  ounces 
and  is  available  in 
retail  stores,  Kodak 


The  EasyShare  Picture  Viewer 
stores  up  to  150  digital  photos 
with  a  memory  of  32M  bytes. 


says. 


To  view  additional  photos,  users  can  insert  a  standard 
Secure  Digital  or  MultiMedia  Card  into  the  device.  Also,  as 
new  digital  photos  get  added  to  a  user’s  PC,  they  can  be 
automatically  downloaded  to  the  Picture  Viewer  when  the 
device  is  connected  to  the  PC.  A  button  labeled  “Share”  lets 
users  mark  favorites  for  printing  and  e-mail.  When  users 
place  the  device  on  a  Kodak  EasyShare  Printer  Dock  Series 
3  (sold  separately),  photos  can  then  be  printed  by  pushing 
a  button.  The  device  also  can  print  to  ImageLink  Print 
System  or  PictBridge-compatible  printers,  Kodak  says. 
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Archos'  AV  700  Mobile  Digital 
Video  Recorder  comes  with 
multimedia  applications 
such  as  a  music  player, 
photo  viewer  and  gaming 
applications. 


Archos  PVP  features 
100G  bytes,  7-inch  screen 

The  latest  personal  video 
player  from  Archos  is  the  AV 
700  Mobile  Digital  Video 
Recorder,  a  portable  device 
that  includes  a  7-inch  wide¬ 
screen  LCD  and  the  ability 
to  directly  record  video 
onto  the  lOOG-byte  drive. 

The  device  is  scheduled  to 
be  available  in  June  on  the 
Archos  Web  site  for  $600 
(40G-byte  version)  or  $800 
(lOOG-byte  model). 

Users  can  record  video  content  from  a  TV  DVD  player, 
VCR,  cable  box  or  satellite  receiver  directly  to  the  AV  700 
(the  device  is  connected  to  the  video  source  through  a  cra¬ 
dle  and  composite  cables). The  device  encodes 
and  plays  back  video  in  MPEG-4  for¬ 
mat,  along  with  MP3  stereo 
sound.  Home  movies  can  be 
transferred  to  the  device 
through  the  USB  host  port  con¬ 
nected  to  a  camcorder,  Archos 
says.  It  includes  a  scheduling 
feature  that  can  change  the 
channel  of  a  VCR,  satellite 
receiver  or  cable  box  to  record  a 
program. 

It  also  comes  with  other  multi- 
media  applications,  such  as  a  music 
player,  photo  viewer  and  some  gaming 
applications  (Mophun  games  are  available  at  the 
Archos  Web  site). The  music  player  can  synchronize  auto¬ 
matically  with  Microsoft  Windows  Media  Player  10,  and 
supports  the  PlaysForSure  program  to  purchase  and  down- 


1  load  content  from  MSN  Music,  Musicmatch, 
;.v.vj  Napster, Wal-Mart  Music  Store  and  CinemaNow. 

’  In  addition  to  Windows  Media  Audio  file  sup- 
‘  t*  port,  the  music  player  can  play  MP3  and  WAV 
0  audio  files. 


Burn  a  CD/DVD  and  label  with  one  device 

Alera  Technologies  last  week  announced  its 
Aleratec  1:1  DVD/CD  Copy  Cruiser  Pro  LS,a  per¬ 
sonal  disc  publisher  that  records  and  duplicates  DVDs  and 
CDs  and  prints  silkscreen-quality  labels  without  a  printer. 
The  device  costs  about  $400. 

The  Copy  Cruiser  Pro  LS  device  uses  LightScribe  technol¬ 
ogy  which  takes  the  optical  drive’s  laser  (the  same  one  that 
burns  the  data  onto  the  disc)  and  controls  the  light  energy 
to  the  disc.  When  the  laser  hits  the  disc,  a  chemical  change 
occurs,  resulting  in  a  reproduction  of  artwork,  text  or  pho¬ 
tos.  LightScribe  is  a  business  unit  of  HP  that  licenses  this 
technology  to  drive  and  disc  makers,  including  Panasonic, 
Pioneer,  BenQ,  Maxell  and  Philips. 

The  Aleratec  device,  which  fits  on 
a  desktop  and  weighs  less  than  12 
pounds,  also  can  function  as  a  1:1 


The  Copy  Cruiser  Pro  LS  uses 
LightScribe  technology,  which  can 
print  on  the  disc  with  the  same 
laser  that  burns  the  data. 


DVD/CD  duplicator  or  an  external  USB  2.0 
DVD/CD  recorder  (with  16x-speed  DVD 
recording  speed),  the  company  says.  Labeling 
software  comes  with  the  device. 

Shaw  can  be  reached  at  kshaw@nww.com.  Check  the 
CoolTools  Weblog  at  www.networkworld.com  for  semi¬ 
weekly  new  gadget  news. 


FOR  TYING  TELEWORKERS  TO  THE  ENTERPRISE 


Microsoft  targets  CPAs  with  application 


■  BY  STACY  COWLEY 

Microsoft  is  paving  the  way  for  its  Sep¬ 
tember  release  of  a  small-business 
accounting  application  by  putting  together 
a  host  of  network  and  support  services  tar¬ 
geted  at  accountants,  including  the  new 
Microsoft  Professional  Accountants  Net¬ 
work  the  company  is  scheduled  to  launch 
within  the  next  three  months. 

The  product  will  take  Microsoft  into  a 
market  dominated  by  Intuit’s  QuickBooks 
accounting  software.  IDC  ranks  Intuit  as  the 
second-largest  vendor  of  accounting  and 
financial  management  software  behind 


SAP  AG.  But  while  SAP’s  forte  is  large  ERP 
systems,  QuickBooks  targets  businesses 
with  up  to  a  few  dozen  employees  —  the 
segment  Microsoft  would  like  to  penetrate 
with  Office  Small  Business  Accounting. 

The  stand-alone  version  will  cost  $200, 
Microsoft  says.  Office  Small  Business 
Accounting  also  will  be  available  as  part  of 
the  Microsoft  Office  Small  Business  Man¬ 
agement  Edition  2006  bundle,  which  will 
include  Business  Contact  Manager  Update 
and  the  2003  editions  of  Outlook,  Word, 
Excel,  PowerPoint,  Publisher  and  Access. 
Pricing  has  not  been  announced. 

To  generate  interest  in  the  new  software, 


Microsoft  is  creating  the  Microsoft  Profes¬ 
sional  Accountants  Network,  a  program 
that  would  offer  technical  support,  continu¬ 
ing-education  training  classes  and  network 
resources  aimed  at  certified  public 
accountants  (CPA).  The  program  would 
have  two  membership  tiers,  a  free  level  and 
a  $300-per-year  level,  offering  additional 
technical  support  and  free  access  to  vari¬ 
ous  Microsoft  products  and  services. 

As  a  further  enticement,  Microsoft  also  is 
offering  CPAs  free  copies.  Accountants  can 
sign  up  on  Microsoft’s  Web  site  for  a  free 
pre-release  version. The  pre-release  version 
is  a  full  edition  of  the  software  with  no  lim- 


Sage  entrenched  in  reseller  market 


SMALL 
BUSINESS  TECH 

James  Gaskin 


You  know  all  sorts  of  information 
about  The  Sage  Group  even  if  you 
don’t  realize  it.  Use  Act  for  customer 
tracking?  DacEasy  accounting?  Does  your 
accountant  use  CPASoftware?  They  all  live 
under  the  Sage  Group  umbrella. 

Of  course,  before  last  week  these  prod¬ 
ucts  were  under  the  Best  Software  umbrel¬ 
la.  But  at  its  third  annual  partner’s  conven¬ 
tion,  Insight  2005,  Sage  announced  that  its 
Best  subsidiary  was  being  rechristened 
Sage  Software. 

Sage  grew  by  acquisition  (none  of  the 
three  programs  mentioned  above  were 
developed  by  the  company)  and  reliance 
on  resellers.lt  plans  to  continue  the  reseller 
focus,  and  meetings  at  the  convention 
were  filled  with  resellers  and  other  busi¬ 
ness  partners  to  learn  about  new  and  cur¬ 
rent  programs.  The  resellers  wanted  to 
meet  other  resellers  they  could  partner 
with  to  extend  their  coverage. 

The  business  partners  smooth  over  the 
rough  seams  between  products  to  serve 
growing  companies  in  vertical  markets. 
For  sales  functions,  small  companies  start 
with  Act,  the  leading  contact  manager 
(which  will  soon  have  a  Web  version). 
Single-user  Act  installations  give  way  to 


networked  Act,  which  gives  way  to 
SalesLogix,  Sage’s  CRM  application  for 
small  to  midsize  businesses. 

A  Sage  reseller  will  sell  both  Act  and 
SalesLogix,  and  therefore  help  with  the 
transition,  or  will  bring  in  another  Sage 
reseller  to  help.  Most  Sage  resellers  make  as 
much  or  more  money  from  services,  such 
as  customization,  as  they  do  from  selling 
software  licenses. 

Just  as  Intuit  pushes  customers  from 
Quicken  to  QuickBooks,  Sage  starts  the 
process  with  DacEasy  and  moves  them  up 
to  Peachtree  or  Accpac.  There  are  no  one- 
click  data-conversion  tools  between  all 
these  applications,  so  Sage’s  reseller  chan¬ 
nel  steps  in. 

The  step-up  pattern  works  across  a  vari¬ 
ety  of  applications  and  industries. 
TimeSlips,  from  Sage  subsidiary  TimeSlips, 
for  single  users  and  small  companies,  gives 
way  to  TimeSheet  Professional  for  larger 
corporations.  Krista  Endsley  general  man¬ 
ager  of  TimeSheet  Professional  says  the 
company  has  about  350  law  firm  cus¬ 
tomers  and  has  never  been  sued. 

If  you’re  in  the  construction,  real  estate  or 
property  management  industries,  you’re 
familiar  with  Timberline  Software.  Another 
Sage  acquisition, Timberline  has  new  doc¬ 
ument-management  modules  and  sets  the 
standard  for  the  Universal  Desktop  initia¬ 
tive.  Sage  gradually  will  give  all  its  applica¬ 
tions  the  same  look  and  feel  that 
Timberline  has  now.  This  realignment  will 
take  time,  but  should  help  create  a  “Sage” 
look  to  applications. 

All  these  things  are  great,  but  I  have  a  cou¬ 
ple  of  quibbles.  Although  Sage  Chairman 
Ron  Verni  talks  about  cross-platform  appli¬ 


cations,  the  new  Act  Web  software  runs 
only  on  Internet  Explorer.  Act  has  been 
Windows-centric  from  the  beginning,  but 
has  any  other  company  introduced  a 
major  hosted  product  upgrade  using  a 
browser  interface  that  keeps  customers 
locked  into  Windows?  Isn’t  the  Web  option 
a  way  to  open  the  client  to  a  variety  of  plat¬ 
forms?  I’m  betting  this  restriction  is  forced 
by  Act’s  reliance  on  the  Windows  .Net 
framework  on  the  clients  —  another  quib¬ 
ble  I  have  (OK,  argument,  because  .Net 
always  causes  me  problems).  The  days  of 
cross-platform  speeches  but  single-plat¬ 
form  products  are  past. 

The  products  under  the  Sage  umbrella 
sometimes  overlap,  a  consequence  of 
acquisition  vs.  internal  development.  But 
upgrades  seem  to  be  stepping  on  each 
other,  such  as  Peachtree  adding  a  Con¬ 
struction  module  that  duplicates  some  of 
what  Timberline  offers.  Sage  says  it  man¬ 
ages  these  overlaps,  which  of  course  it  has 
to  say  But  resellers  say  the  company  guides 
customers  through  the  maze,  and  I  believe 
them.  A  good  reseller  will  make  up  for  a  ton 
of  corporate  mistakes,  so  trust  your  local 
supplier.  Besides,  resellers  aren’t  restricted 
to  one  corporate  relationship. 

You  might  need  to  upgrade  out  of  the 
Sage  family  and  your  reseller  can  help.  But 
the  Sage  family  is  growing  so  much  you 
can  grow  from  your  garage  to  a  multina¬ 
tional  corporation  and  stay  under  its 
umbrella. 

Gaskin  is  a  consultant  in  the  Dallas  area 
who  helps  small  and  midsize  businesses 
use  technology  intelligently.  He  can  be 
reached  at  readers@gaskin.com. 


itations  or  expiration  date,  says  Microsoft’s 
Cindy  Bates. 

Shafat  Qazi,  CEO  of  Microsoft  partner 
BQE  Software,  says  he  expects  Office  Small 
Business  Accounting  to  win  over  cus¬ 
tomers  currently  using  Excel  spreadsheets 
to  handle  their  accounting. 

“This  will  appeal  to  people  who  don’t  typ¬ 
ically  use  any  of  the  accounting  products 
now,  people  who  feel  like  they’re  not 
trained  enough  to  use  applications  like 
QuickBooks  without  an  accountant  by 
their  side,”  Qazi  says. 

BQE,  in  Los  Angeles,  makes  billing  and 
project-management  software.  It  has  been 
an  Intuit  partner  for  several  years  and  its 
flagship  product,  BillQuick,  integrates  with 
QuickBooks.  The  newest  version  also  will 
integrate  with  Microsoft’s  accounting  soft¬ 
ware,  Qazi  says.  In  the  15  months  BQE  has 
been  working  with  Microsoft  on  the  devel¬ 
oping  Office  Small  Business  Accounting 
software,  it  has  emphasized  to  Microsoft  the 
importance  of  integration. 

“People  are  no  longer  comfortable  with 
import/export.  They  want  behind-the- 
scenes  integration,” Qazi  says.“It  was  critical 
for  us  that  integration  be  as  seamless  as 
possible,  so  that  the  end  user  doesn’t  feel 
like  they’re  working  with  two  products.” 

Office  Small  Business  Accounting  is 
scheduled  for  a  September  release  in  the 
U.S.,  with  international  editions  coming 
later  on  a  yet-to-be-determined  schedule.To 
smooth  the  new  software’s  launch,  Micro¬ 
soft  is  striking  alliances  and  sponsorship 
deals  with  accounting-industry  vendors. 
The  company  also  has  teamed  with  Auto¬ 
matic  Data  Processing,  which  will  integrate 
two  of  its  small-business  payroll  sen-ices 
with  Microsoft’s  accounting  software. 

Cowley  is  a  correspondent  with  the  IDG 
News  Service. 


More  online! 

Learn  about  the  solutions  small  to  midsize  businesses 
need  to  increase  productivity  cut  costs,  tighten  secu 
rity.  Attend  a  special  Network  World  ami  exclus.voiy 
for  small  to  midsized  business  executives. 
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OH  TECHNOLOGY 

Beth  Schultz 

Become  an 
Enterprise 
All-Star 


Have  you  wrapped  up  a  great  IT  project  lately?  One 
that  shows  truly  innovative  use  of  network  technol¬ 
ogy  or  a  demonstrable  improvement  in  business 
operations?  If  so,  then  get  ready  to  exercise  your  boasting 
rights. 

Don’t  be  shy  Consider  nominating  your  project  in 
Network  World's  newest  reader  award  program:  the 
Enterprise  All-Star  Awards.  All  you  have  to  do  is  head  to 
www.networkworld.com,  plug  in  DocFinder:  7333  and  tell 
us  why  your  project  is  exemplary  what  business  problem 
it  solves  and  how. 

The  Enterprise  All-Star  Awards  program  represents  the 
evolution  of  our  longtime  User  Excellence  Award  com¬ 
petition,  through  which  we  recognized  companies  that 
used  newer  infrastructure  technologies  in  practical  ways 
or  that  creatively  adapted  mainstream  technologies.  It 
also  merges  in  the  Extended  Enterprise  Innovator  Award, 
launched  several  years  ago  to  honor  companies  for 
extraordinary  e-business  initiatives. 

While  each  of  those  programs  recognized  a  main  win¬ 
ner  and  one  or  two  runners-up,  the  Enterprise  All-Star 
Awards  is  more  granular.  We’ll  select  winners  by  technol¬ 
ogy  category,  with  the  goal  of  honoring  dozens  of  user 
organizations  for  top-notch  projects. 

So  maybe  you’ve  built  a  services-oriented  architecture 
that  has  allowed  your  company  to  develop  new  business 
opportunities.  Perhaps  you’ve  orchestrated  a  major  server 
consolidation,  or  virtualized  your  storage.  Or  has  your 
focus  been  on  building  a  wireless  infrastructure  to  sup¬ 
port  mobile  employees?  No  matter  —  there’s  a  fit  with 
the  Enterprise  All-Star  Awards. 

Enterprise  All-Star  Award  categories  include:  applica- 
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Walk  the  walk 

Regarding  “Cisco  wears  a  big  target,  plugs  IOS  leaks” 
(www.networkworld.com,  DocFinder:  7323):  Until 
Cisco  defines  a  default  for  configuring  and  manag¬ 
ing  its  network  devices  that  uses  something  more 
secure  that  trivial  FTP  it  should  not  be  even  consid¬ 
ered  a  provider  of  security  resources.  In  addition, 
security  is  considered  an  add-on  in  many  of  Cisco’s 
products.  If  you  want  to  be  taken  seriously  in  securi¬ 
ty  you  need  to  “walk  the  walk.” 

Todd  Hudspeth 
Apple  Valley  Minn. 

No  strategic  snooping 

1  have  grave  issues  with  Linda  Musthaler’s  column, 
“E-mail  snooping:  A  smart  strategy”  (DocFinder: 
7324).  As  far  as  federal  law  is  concerned,  reading 
e-mail  is  the  same  as  listening  to  a  phone  conversa¬ 
tion.  On  federal  networks,  the  reading  of  e-mail 
requires  the  same  legal  trail  as  a  phone  wiretap.  No 
one  can  read  e-mail  —  at  rest,  in  transit  or  in  the 
memory  buffer  —  without  a  court  order  authorizing 
the  action.  Even  though  the  federal  government  re¬ 
quires  a  warning  banner  that  all  computer  use  by 
employees  is  subject  to  monitoring,  and  employees 
accept  this  warning  before  using  the  system,  e-mail 
is  specifically  exempted  from  this  regulation.  Even 
after  Sept.  1 1 ,  e-mail  is  treated  as  a  personal  conver¬ 
sation,  just  like  a  phone  call.  Seek  the  advice  of  legal 
counsel  before  reading  anyone’s  e-mail. 

Andy  Murren 
Mendham,  N.J. 

Regarding  Linda  Musthaler’s  column, “E-mail  snoop¬ 
ing:  A  smart  strategy”:  With  employee  trust  at  an  all- 
time  low  in  corporate  America,  this  is  a  slippery- 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


slope  issue. We  are  living  in  a  period  when  individual 
liberties  are  being  trampled  to  cover  the  possibility 
of  indiscretion  or  abuse  from  a  very  small  minority 
When  we  attempt  to  define  black  and  white  within 
a  society  that  is  naturally  filled  with  gray  success  is 
unachievable  and  no  one  really  wins. 

We  must  somehow  come  back  to  the  realization 
that  “having  a  right”  is  not  necessarily  the  same  as 
“doing  what  is  right”  for  big-picture,  long-term  suc¬ 
cess. 

Dan  Morford 
Tampa,  Fla. 

Swatting  spyware 

Regarding  Mark  Gibbs’  BackSpin  column  “Betting  on 
the  future”  (DocFinder:  7325),  in  which  he  describes 
his  browser  being  hijacked  by  spyware:  Gibbs 
should  consider  simply  switching  browsers.  I’ve  yet 
to  come  across  one  of  those  annoying  pieces  of 
scumware  that  takes  over  Internet  Explorer  that  also 
affects  Mozilla  Firefox.  If  you  want  to  be  rid  of  nearly 
all  browser-hijacking  spyware,  dump  Internet  Ex¬ 
plorer.  Sure,  you’ll  still  need  it  for  those  few  sites  writ¬ 
ten  by  brain-dead  Webmasters,  but  for  99%  of  the 
rest,  you  can  use  a  safer  browser. 

Jim  Michael 
IS  manager 
City  of  Chesterfield,  Mo. 

My  solution  to  spyware  was  easy  Linux  installed  very 
nicely  on  my  laptop,  and  because  it  doesn’t  have  a 
huge  “exploit  me”bull’s-eye  hanging  on  it, spyware  is 
not  an  issued  have  only  one  Windows  application,  a 
grade  book,  and  I  run  that  through  a  remote  desktop 
session  on  a  Windows  box.  Now  if  only  the  rest  of  the 
users  on  my  network  could  be  so  flexible. 

Tim  Kaldahl 
IT  coordinator 
Maplewood  Academy 
Hutchinson,  Minn. 


tions,  conwgence/VoIRe-ftmmerce,  LANs/routers,  net¬ 
work  and  systems  management,  operating  systems,  secur¬ 
ity  servers/desktops,  storage,  WANs  and  wireless/mobile. 
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Find  out  what,  readers  are  saying  about  these  and  other  topi&s. 
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Award  winners  will  be  enterprise  user  organizations  that 
act  as  role  models  for  the  use  of  one  or  more  of  these 
technologies  within  their  particular  vertical  markets  and 
the  business  world  at  large. 

Enterprise  All-Star  Award  winners  will  share  their 
projects  in  a  special  Network  World  Signature  Series 
issue  in  November.  Winning  an  Enterprise  All-Star  Award 
will  give  you  recognition  for  your  hard  work  and 
accomplishments. 

So  don’t  hesitate  to  seek  recognition  for  a  job  well  done. 
The  deadline  to  nominate  your  project  is  July  8.  Head 
online,  and  fill  out  a  form.Your  project  might  just  become 
one  of  the  inaugural  Enterprise  All-Star  winners. 
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LIPPIS  OH  COMMUNICATIONS 

Nick  Lippis 


ith  its  Self-Defending  Network  strategy, 
focus  on  adaptive  threat  defense  and 
Network  Admission  Control  initiative, 
Cisco  has  become  the  largest  network  secur¬ 
ity  provider  and  trusted  network  player  in  the 
industry  What  Cisco  is  doing  is  putting  auto¬ 
mated  protections  into  the  network  to  defend 
against  the  harmful  effects  of  viruses,  worms  and  exploits.  Bill  Gates  and 
Steve  Ballmer  should  personally  thank  John  Chambers  for  the  invest¬ 
ment  he  is  making  in  network  security  to  fix  what  is  mostly  a  Microsoft- 
inflicted  industry  problem. 

Today  when  an  attack  occurs,  IT  staff  have  to  drop  everything  until 
they  contain  the  exploit,  and  patch  and  cleanse  end  systems  and 
servers  within  the  network.  Firewalls,  intrusion-detection  and  intrusion- 
prevention  systems,  and  anti-virus  software  alone  cannot  protect  a  cor¬ 
porate  network  from  the  onslaught  of  exploits.  An  all-encompassing 
approach  to  network  security  is  needed. 

Enter  Cisco.  A  key  part  of  Cisco’s  network  security  strategy  involves 
deploying  client  software  on  desktops.  The  innovative  behavioral  pro¬ 
tection  technology  within  Cisco  Security  Agent  (CSA)  and  Cisco  Trust 
Agent  (CTA)  stops  exploits  at  end  systems  before  they  start  propagating 
throughout  the  network.  In  conjunction  with  CSA  and  CTA,  Cisco’s  NAC 
initiative  challenges  an  endpoint’s  conformance,  defined  by  policy 
management,  before  allowing  admission  to  the  network. 

But  no  system  will  be  100%  protected, and  client  software  plus  admis¬ 
sion  control  is  not  enough  for  proactive  security  management.  That’s 
why  adaptive  threat  defense  technology  is  evolving  toward  behavior 


Cisco  gets  proactive 


anomaly  detection  and  defenses. 

A  network  becomes  more  responsive  to  a  broad  set  of  possible 
attacks  and  threats  when  security  functions  work  together  as  a  sys¬ 
tem. This  lets  the  network  shut  down  or  compartmentalize  segments, 
virtual  LANs,  endpoints,  ports,  flows  and  so  on. The  key  ingredient  is 
a  shift  from  relying  on  signature-based  defenses  toward  behavioral 
defenses.  Essentially,  you  look  for  bad  behavior.  That’s  just  what 
Cisco’s  CSA  does,  in  addition  to  providing  a  distributed  personal  fire¬ 
wall  and  application  lockdown  capability 

Threat  defense  initiatives  that  use  signature  defenses  with  behav¬ 
ioral-anomaly  detection  embedded  in  client  software  and  threat 
defense  appliances  are  coming  on  the  market.  But  it  will  take  some 
time  for  IT  managers  to  become  comfortable  with  behavior-based 
threat  defense.  It’s  the  automated  mitigation  function  that  leaves  net¬ 
work  executives  a  bit  uneasy  now. They  have  to  gain  confidence  with 
highly  automated  defenses  before  they  turn  on  the  autopilot.  This 
trust  will  be  gained  over  time. 

Today’s  adaptive  threat  defense  appliances,  when  combined  with 
behavioral  defenses,  will  go  a  long  way  toward  letting  network  security 
administration  shift  from  a  reactive  to  a  proactive  posture,  giving  staff 
proper  time  to  schedule  patches,  contain  outbreaks  and  get  out  of  the 
security-crisis  mode  of  operation. 

Lippis  consults  to  CIOs  of  Global  2000  companies  and  their  direct 
reports  on  network  architecture  development  and  funding.  He  pub¬ 
lishes  the  “ Lippis  Report"  (www.lippis.com)  and  can  be  reached  at 
nick@lippis.com 
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ABOVE  THE  CLOUD 

James  Kobielus 


very  few  years  Microsoft  issues  another 
grand,  unified  plan  for  identity  manage¬ 
ment.  Well,  they’ve  done  it  again. 

At  the  turn  of  the  millennium,  Microsoft 
launched  Passport,  an  initiative  under  which 
the  vendor  sought  to  become  the  world’s  pre¬ 
eminent  identity  aggregator  and  authentica¬ 
tion  service.  A  few  years  later,  Microsoft  issued  a  comprehensive  Web 
services  security  road  map  that  included  the  WS-Federation  protocol 
and  marginalized  Passport’s  role  in  identity  management.  Now  we  have 
a  new  Microsoft  strategy,  Identity  Metasystem,  which  grants  WS- 
Federation  and  such  rivals  as  the  Security  Assertion  Markup  Language 
(SAME)  more  or  less  equal  footing  (see  story  at  www.networkworld. 
com,  DocFinder:  7326). 

Why  is  Microsoft  distancing  itself  from  its  previous  identity  manage¬ 
ment  strategies?  The  reason  is  simple.  Neither  Passport  nor  WS- 
Federation  has  gained  much  industry  support  beyond  a  hard  core  of 
Microsoft’s  closest  business  partners  while  the  rest  of  the  industry  has 
flocked  to  SAML. 


Microsoft’s  new  party  line  for  identity  management  stresses  the  need 
for  a  universal  identity  environment  that  supports  interoperation  of 
multiple  identity  technologies  run  by  multiple  identity  providers.  This 
represents  a  180-degree  turn  away  from  WS-Federation  and  Passport. 
The  former  was  intended  to  serve  as  the  single  universal  federated 
identity  management  protocol;  the  latter  was  positioned  as  an  uber- 
identity  provider  for  all  of  cyberspace. 

To  a  great  extent,  the  Identity  Metasystem  strategy  repackages  the  core 
WS  specifications  that  Microsoft  has  championed  over  the  past  three 
years.  Microsoft  hasn’t  totally  abandoned  WS-Federation  but  now  posi¬ 
tions  it  as  the  federated  identity  management  plumbing  within  the 
Active  Directory  Federation  Services  feature  of  Windows  Server  2003 
and  Longhorn. 

The  only  truly  new  component  of  Microsoft’s  identity  management 


Microsoft’s  ill-conceived  ID  plan 


strategy  is  InfoCard,  which  will  be  implemented  in  Longhorn.  InfoCard 
is  a  privacy-protection  feature  within  the  Longhorn  client.lt  will  provide 
a  secure  client-side  store  of  identity  information  for  authenticating  to 
various  relying  services.  Users  also  will  be  able  to  selectively  withhold 
privacy-sensitive  InfoCard  identity  attributes  from  relying  services,  and 
to  define  and  enforce  policies  regarding  which  relying  services  may 
access  which  client-store  attributes. 

Privacy  protection  is  the  principle  theme  of  Microsoft’s  new  identity 
management  strategy  This  comes  through  loud  and  clear  in  the  iden¬ 
tity  laws  promulgated  by  Kim  Cameron,  the  mastermind  behind  the 
strategy  Cameron  says  identity  management  systems  must  gain  user 
consent  before  revealing  information  identifying  the  user;  disclose  the 
minimum  amount  of  identifying  information  necessary;  limit  that  dis¬ 
closure  to  parties  with  a  need  to  know;  provision  public  and  private 
identifiers  for  pointing  to  users’  identity  data;  and  provide  user  inter¬ 
faces  that  help  people  avoid  revealing  personal  information  to  phish¬ 
ing  and  pharming  scams.  Missing  from  Cameron’s  laws  is  any  mention 
of  trust  management,  strong  assurance,  multifactor  authentication,  sin¬ 
gle  sign-on,  role-based  access  control,  confidentiality  integrity,  nonrepu¬ 
diation,  audit,  compliance  and  governance. 

It’s  good  to  see  Microsoft  recognizes  where  it  went  astray  in  its  previ¬ 
ous  identity  management  visions.  But  its  new  strategy  is  too  narrowly 
focused  to  serve  as  the  basis  for  a  truly  universal,  general-purpose,  fed¬ 
erated  identity  management  environment.  And  its  InfoCard  mecha¬ 
nism  does  little  to  address  the  threat  of  identity  theft  on  server-based 
identity  providers  throughout  the  federated  world.  Microsoft  needs  to 
think  through  these  issues  more  comprehensively  before  releasing 
grandiose  new  vision  statements. 


Privacy  protec¬ 
tion  is  the  princi¬ 
ple  theme  of 
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identity  manage¬ 
ment  strategy. 


Kobielus  is  a  senior  technical  systems  analyst  at  Exostar,  a  business-to- 
business  trading  exchange  serving  the  aerospace  and  defense  industry. 
He  can  be  reached  at  (703)  924-6225  or  james_kobielus@hotmail.com. 
The  opinions  expressed  are  his  own. 
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Prison?  ...  An  IT  guy? 

. . .  For  violating  HIPAA 
or  Sarbanes-Oxley?  . . . 
Could  it  really  happen? 

It’s  known  as  the  “go-to-jail  scenario”  in  IT 
circles,  a  confluence  of  events  that  might 
land  a  CIO  or  network  executive  not  just  in 
hot  water,  but  behind  bars.You’ve  probably 
heard  loose  talk  about  this  risk  at  industry 
conferences  and  in  the  press.  But  can  an  IT 
exec  actually  end  up  doing  hard  time  — 
as  opposed  to  being  fired  or  fined  —  for 
violating  one  of  these  federal  laws? 
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The  jury  is  still  out.  Everyone  we  talked  to  pretty  much  agrees  that  the 
go-to-jail  scenario  is  a  long  shot  that  would  require  overt  bad  deeds  far 
beyond  simply  screwing  up.  But  no  one  was  willing  to  entirely  rule  out 
the  possibility  of  a  stretch  in  the  slammer,  either. 

Clearly  the  legislation  and  regulations  governing  the  Health  Insur¬ 
ance  Portability  and  Accountability  Act,  the  Sarbanes-Oxley  Act  and 
the  like  include  criminal  penalties:  up  to  10  years  in  prison  with  HIPAA 
for  “obtaining  or  disclosing  protected  health  information;”  10  to  20 
years  with  SOX  for  “destruction,  alteration  or  falsification  of  records,” 
just  to  cite  two  examples. 

And  a  former  cancer  clinic  worker  in  Seattle  became  the  first  per¬ 
son  convicted  of  criminal  charges  under  HIPAA  last  November.  The 
sentence:  16  months  for  using  patient  information  to  fraudulently 
obtain  credit  cards.  Experts  say  this  case  isn’t  all  that  instructive  in 
terms  of  how  these  laws  will  be  applied  toward  IT  executives  because 
this  type  of  outright  fraud  has  always  carried  the  threat  of  prison. 

But  the  reality  is  that  more  IT  professionals  are  finding  themselves  in 
the  enforcement  cross  hairs.“There’s  no  question  that  more  and  more 
people  from  the  IT  world  are  becoming  responsible  for  electronic 
records  management,”  says  Bob  Williams,  president  of  Cohasset 
Associates,  a  Chicago  consulting  firm  that  specializes  in  document 
management.  Primary  responsibility  for  electronic  records  manage- 
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ment  rests  with  IT  in  more  than  70%  of 
organizations,  according  to  a  Cohasset 
Associates  survey  of  2,200  records-man- 
agement  professionals.  And  with  that  pri¬ 
mary  responsibility  comes  vulnerability  to 
enforcement  penalties. 

“Clearly  Sarbanes-Oxley  holds  out 
prison  as  a  possibility,  but  I  think  that  it  is 
more  likely  to  occur  for  senior  manage- 


HIPAA  CRIMINAL  PENALTIES 

Any  person  who  knowingly  obtains  or  discloses  indlvidua 
identifiable  health  information  in  violation  of  the  Administrative 
Simplification  Regulations  faces  a  fine  of  up  to  $50,000,  as 
well  as  imprisonment  up  to  one  year.  Offenses  committed  under 
false  pretenses  allow  penalties  to  be  increased  to  a  $100,000 
fine,  and  up  to  five  years  in  prison.  Finally,  offenses  committed 
with  the  intent  to  sell,  transfer  or  use  individually  identifiable 
health  information  for  commercial  advantage,  personal  gain  or 
malicious  harm  permit  fines  of  $250,000,  and  imprisonment 
for  up  to  10  years. 
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ment  than  even  a  CIO,”  says  Williams.  That  “more  likely”  is  the  type  of 
caveat  that  experts  sprinkle  throughout  their  ruminations  on  this  sub¬ 
ject,  which  may  or  may  not  lend  comfort  to  IT  professionals  who  find 
themselves  in  a  compliance-related  crossfire. 
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“Maybe  we  should  say  it  backwards: 
Can  you  definitively  say  an  IT  person 
would  not  go  to  jail?”  says  Jonathan  Red¬ 
grave,  an  attorney  with  the  Washington 
office  of  Jones  Day,  who  specializes  in 
electronic  records  issues.  “You  can’t  say 
that  they  wouldn’t;  it  really  depends  on 
the  facts  of  the  situation.” 

The  U.S.  Department  of  Justice,  which  is 
charged  with  assessing  alleged  H1PAA 
violations  sent  to  it  from  the  Office  for 
Civil  Rights  within  the  Department  of 
Health  and  Human  Services,  couldn’t  pro¬ 
vide  much  in  the  way  of  clarification. 

If  the  Justice  Department  agrees  that  a 
HIPAA  complaint  warrants  criminal  prose¬ 
cution,  it  will  forward  the  case  to  the  U.S. 
Attorneys  Office  nearest  the  infraction.“It  is 
a  case-by-case  basis,  and  the  scrutiny  has  to 
be  made  on  each  and  every  one  to  deter¬ 
mine  whether  the  government  is  going  to 
prosecute," says  Charles  Miller, a  spokesman 
for  the  Justice  Department.  As  for  hypothet¬ 
ical  situations  involving  IT  personnel,  the 
government  cannot  offer  blanket  assur¬ 
ances  about  avoiding  jail,  he  says. 


SARBANES-OXLEY:  SEG.  1519.  DESTRUCTION,  ALTERATION  OR  FALSIFICATION 
OF  RECORDS  IN  FEDERAL  INVESTIGATIONS  AND  BANKRUPTCY 

Whoever  knowingly  alters,  destroys,  mutilates,  conceals,  covers  up,  falsifies  or  makes  a  false  entry  in  any  record, 
document  or  tangible  object  with  the  intent  to  impede,  obstruct  or  influence  the  investigation  or  proper  adminis¬ 
tration  of  any  matter  within  the  jurisdiction  of  any  department  or  agency  of  the  United  States  or  any  case  filed 
under  title  11,  or  in  relation  to  or  contemplation  of  any  such  matter  or  case,  shall  be  fined  under  this  title,  impris¬ 
oned  not  more  than  20  years,  or  both. 


there’s  no  clear  policy  in  place  you  might  illegal.”You  also  might  have  a  harder  time 
be  doing  something  that  is  technically  fending  off  the  executive  who  is  demand- 
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ing  access  to  a  particular  set  of  records. 

The  bottom  line  is  that  preparation 
beats  complacency,  Redgrave  says. 
“People  talk  about  this  and  while  it’s  not 
an  everyday  occurrence,  there  certainly  is 
an  element  of  risk  such  that  the  people 
involved  really  need  to  understand  what 
they’re  doing.”  ■ 


Where  there's  a  will . . . 

Willfulness  of  action  would  likely  be  a 
key  component  weighed  by  any  enforce¬ 
ment  authority  Redgrave  says,  and  if  an  IT 
person  was  found  to  be  a  willing  partici¬ 
pant  in  any  attempt  to  illegally  access, 
delete  or  cover  up  protected  records  it  is 
more  likely  that  criminal  penalties  would 
apply.  Simply  doing  a  lousy  job  isn’t  likely 
to  land  one  in  jail,  he  says. 

“Where  you  get  the  criminality  is  with 
obstruction  of  justice,  like  the  Arthur 
Anderson  situation,”  Redgrave  says.  “Let’s 
say  you  are  someone  in  the  IT  department 
at  Arthur  Anderson  and  you  decide  it’s  a 
good  idea  —  even  though  you  know  the 
SEC  is  coming  —  to  allow  purges  to  take 
place  or  press  the  system  operator  to  have 
the  purge  take  place: You’re  getting  closer 
to  a  problem.” 

Craig  Rhinehart,  director  of  compliance 
markets  and  products  at  FileNet,  sees  the 
threat  in  more  cut-and-dried  terms.“Yes,  IT 
professionals  can  go  to  jail,”  he  says. 
According  to  Rhinehart,  the  challenge  for 
IT  professionals  will  be  balancing  the 
immediate  risk  —  an  agitated  boss  at  their 
door  right  this  moment  —  against  the 
future  risk  of  being  held  accountable  for 
a  compliance  violation  that  may  carry 
criminal  penalties. 

“Some  senior  manager  comes  to  an  IT 
administrator  and  says  ‘I  need  to  have 
access  to  these  files’  If  you  give  him 
access,  you  may  have  just  become  an 
accomplice  to  a  crime,”  Rhinehart  says. 
“You  can’t  tell  me  that  most  mid-level  or 
even  senior  IT  managers  [won’t  acqui¬ 
esce]  if  the  CEO  or  CFO  comes  marching 
into  their  office  and  says  they  need  to 
check  on  a  few  things.” 

The  key  to  avoiding  that  scenario  is  a 
clear  set  of  policies  and  procedures  for 
managing  any  information  that  might  be 
subject  to  corporate  governance  laws  or 
litigation,  Rhinehart  says.“If  not,  you  leave 
the  interpretation  up  to  the  individual 
and  that’s  where  trouble  starts,”  he  says.“lf 


NETWORK  MANAGEMENT  POWERFUL 
ENOUGH  TO  DO  EVERYTHING 


IS  TOO  COMPLEX  TO  DO  ANYTHING 


A  IMWITCH 

#  WhatsUp 

Professional! 


Don’t  get  stuck  with  more  than  you'll  ever  use  and  less 
than  you  need.  Ipswitch  WhatsUp'"  Professional  is  designed 
specifically  for  small-  and  medium-sized  businesses. 


So  you  get  essential  network  management  without  high 


administrative  costs  and  effort.  Featuring  comprehensive  alerts,  ,  .  . 


automatic  device  mapping,  detailed  trend  reports  and  secure 
remote  access  -  it’s  a  smarter  solution,  instead  of  a  bigger  ond. 


Ipswitch  WhatsUp  Professional. 
It  just  works. 


•V 


.•~.T 

* 


■ 

-•  j,  *.• 


.m1 


4  i.’ 

•  ■-  • 


Visit  www.ipswitch.com  to 
download  a  30-day  free  trial. 


1TC.H 


WhatsUp  is  a  registered  trademark  of  Ipswitch,  Inc.  All  other  trademarks  are  the  property  of  their  respective  owners. 


ffelWol 


rid 


5/30/05 

sms y 


www.networkworld. 


'  ri  >xtp. 


BH 

KM-*  '  *  ■  -vUl  y  y  . «t 
-  sUP  f  ,£fL 

d 


Qt 

u 


gateways 


Check  Point’s  VPN-1  Edge  W  security 
device  picks  up  wireless  support 


Cm  BY  JOEL  SNYDER,  NETWORK  WORLD  LAB  ALLIANCE 

heck  Point’s  new  VPN-1  Edge  W  touts  wireless  access  support,  better  performance 
and  a  new  print  server,  a  combination  that  makes  it  a  solid  addition  to  the  compa¬ 
ny’s  line  of  small  security  gateways.  In  this  exclusive  Clear  Choice  test,  we  focused 
on  the  features  most  attractive  to  enterprise  network  managers:  wireless, VPN,  QoS, 
high  availability  and  management. 


The  Edge  W  —  anchored  with  a  scaled- 
down  version  of  NG  Version  5,  Check 
Point’s  enterprise-class  firewall  —  ships 
with  six  Ethernet  ports,  two  wireless 
antennas  and  a  serial  port  that  can  be 
used  for  console  access  or  dial  backup. 
One  Ethernet  port  is  dedicated  for  Inter¬ 
net  outbound  access,  with  the  others 
assigned  to  other  functions.  The  Edge  W 
can  support  up  to  seven  security  and  IP 
routing  zones,  or  as  many  as  10  zones  if 
you  use  802. lq  virtual  LAN  tagging. 

The  most  obvious  addition  to  the  Edge 
W  is  wireless  support  in  the  form  of  an 
embedded  802.1  lb/g  access  point  with 
optional  “Super  G”  mode  (a  derivative  of 
the  54M  bit/sec  802.1  lg  standard  that 
bonds  channels  together  for  higher 
throughput).  Although  the  Edge  W  has 


Net  Results 


OVERALL  RATING 


VPN-1  Edge  W 


Company:  Check  Point,  www.checkpoint 
com  Cost:  Ranges  from  $800  to  $2,200. 
Pros:  GreatVPN  remote  access  capa¬ 
bilities;  good  integration  with  other  Check  | 
Point  VPN  devices;  VLAN  and  multi-zone 
support;  multiple  management  options. 
Cons:  Uplink  capabilities  using  wireless  or  ] 
DSL  not  available;  NAT  configuration 
difficult  to  manage  in  advanced  topologies;  | 
advanced  wireless  security  technologies 
are  not  yet  supported;  poorthird-partyVPN 
interoperability. 


The  breakdown 


Basic  firewalling  20%  4.5 

QoS  and  threat 
management  capabilities  20% 


solid  security  applied  to  the  wireless  net¬ 
work,  with  802.  IX,  Wi-Fi  Protected  Access 
Personal  (pre-shared  key  authentication) 
and  WPA  Enterprise  (802. IX  authentica¬ 
tion)  included,  Check  Paint  didn’t  go  all- 
out  on  the  wireless  feature  set.  For  exam¬ 
ple,  the  wireless  connection  cannot  be 
used  as  an  Internet  up-link,  and  only  a 
single  Service  Set  Identifier  and  security 
zone  is  supported  for  wireless  users. 
Advanced  Encryption  Standard  encryp¬ 
tion  is  not  there  yet. 

While  the  Edge  W’s  wireless  security 
capabilities  aren’t  impressive,  what  is 
included  in  the  box  works  fine.  We  test¬ 
ed  WPA  Personal  and  WPA  Enterprise 
features  and  had  no  problems  connect¬ 
ing  with  Windows  and  Mac  clients,  or 
with  our  Funk  Odyssey  RADIUS  server 
for  802. IX  authentication  (see  How 
we  did  it  at  www.networkworld.com, 
DocFinder:  7322). 

For  basic  configurations,  a  Web  browser 
is  sufficient  to  take  the  Edge  W  from  “out 
of  the  box”  to  running  the  firewall  within 
a  few  minutes.  It’s  easy  to  jump  into 
advanced  configuration  and  define  rules 
that  control  traffic  flow,  network  address 
translation  and  QoS  shaping  in  a  simple 
and  unified  way  The  Edge  W  also  has  a 
command  line  interface  via  the  console 
port  or  a  network  connection. 

For  large  deployments,  Check  Point 
offers  SmartCenter,  a  centralized  man¬ 
agement  system  that  can  control  and 
push  unified  firewall  policy  down  to  mul¬ 
tiple  Edge  W  devices.  We  connected  to 
Check  Pbint’s  Service  Center  to  receive 
firmware,  content  filtering  and  virus  sig¬ 
nature  updates.  SmartCenter  provides  the 
ability  to  manage  the  configuration  of 
hundreds  or  thousands  of  Edge  devices 
using  current  management  tools. 

QoS  has  become  a  hot  topic  with  the 
rise  of  VoIP  and  while  the  buzzword  is 
used  to  describe  the  Edge  W  it  doesn’t 
have  all  the  technology  in  piace  yet. 
Check  Point’s  QoS  capabilities  include 
packet  tagging  and  bandwidth  manage¬ 
ment.  While  it  was  easy  to  set  aside  band¬ 
width  for  the  IP  addresses  occupied  by 


The  VPN-1  Edge  W  has  wireless  antennae  but 
some  advanced  wireless  security  features 
are  lagging. 


our  Session  Initiation  Protocol  (SIP)- 
based  IP  telephones,  the  test  results 
showed  that  the  Edge  W  doesn't  have  a 
very  sophisticated  technology  for  QoS 
management.  To  that  end,  the  tests  in 
which  we  attempted  to  share  a  DSL  line 
with  both  SIP-based  VoIP  traffic  and  a 
heavy  download  of  Microsoft  service 
packs  were  not  very  successful.  In  the 
upstream  direction,  the  Edge  W  was  able 
to  guarantee  a  solid  64K  bit/sec  of  band¬ 
width  for  our  voice  call,  with  excellent 
quality.  Without  any  real  management  in 
the  downstream  direction,  the  received 
voice  quality  was  poor,  with  numerous 
dropouts  as  VoIP  packets  arrived  late  or 
with  too  much  jitter. 

The  VPN  capabilities  on  the  Edge  W  let 
you  use  it  to  easily  and  quickly  join  a 
Check  Point  VPN.  We  tested  this  with  a 
Check  Point  NG  firewall  and  were  able  to 
bring  up  a  tunnel  within  a  few  seconds. 
An  elegant  feature  of  Check  Point’s  over¬ 
all  VPN  architecture  is  the  dynamic 
pushing  of  network  configuration,  mean¬ 
ing  that  the  Edge  W  doesn’t  have  to  be 
configured  to  know  anything  about  the 
central  VPN  server  besides  its  IP  address 
and  how  to  authenticate. 

The  Edge  W  also  includes  a  VPN  tunnel 
server  for  remote  access,  relying  on 
Check  Points  current  Windows  and  Mac 
clients  to  make  the  connection.The  Edge 
W  also  includes  an  “internal”  VPN  server 
that  you  can  use  to  require  internal  users 
to  authenticate  and  encrypt  before 
they’re  allowed  out  of  the  network.This  is 


moderately  useful  in  the  wired  case,  but 
also  has  relevance  with  wireless  connec¬ 
tions,  where  it  can  be  used  as  an  alterna¬ 
tive  to  WPA  security  This  will  be  most 
interesting  in  environments  where  the 
Check  Point  client  already  is  installed 
and  people  are  using  it  for  remote 
access. 

The  Edge  W  includes  threat  manage¬ 
ment  tools  such  as  virus  scanning  and 
URL  filtering,  but  is  limited  in  its  capabili¬ 
ties.  For  example,  only  SMTP  and  Rost 
Office  Protocol  traffic  are  scanned  for 
viruses,  while  IMAP  and  Webmail  are  not 
scanned. 

Check  Point  has  pushed  down  into  the 
Edge  W  a  number  of  high-availability  fea¬ 
tures  available  in  its  larger  firewalls.  The 
Edge  W  offers  WAN  failover  capabilities 
based  on  the  existence  of  a  second 
Ethernet  port  that  can  be  dedicated  to 
managing  a  second  upstream  Internet 
connection.The  Edge  W  also  has  support 
for  device  high  availability  with  state 
sharing  across  two  cooperating  devices. 

After  using  the  Edge  W  as  a  production 
firewall  for  a  week,  the  verdict  is  “solid, 
but  uninspiring.’The  Edge  W  will  be  most 
useful  in  VPN-oriented  environments, 
including  both  site-to-site  and  remote 
access  —  taking  advantage  of  Check 
Point’s  heavy  expertise  there.  But  we 
don’t  recommend  you  buy  it  solely  to 
pick  up  wireless  firewall  capabilities. 

Snyder  is  a  senior  partner  at  Opus  One 
in  Tucson,  Ariz.  He  can  be  reached  at 
Joel.  Snyder@opus  1 .  com. 
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64-bit  operating 
systems 


Windows  Server  speeds  along  at  64  bit 


■  BY  TOM  HENDERSON,  NETWORK  WORLD  LAB  ALLIANCE 

n  our  Clear  Choice  Test  of  Microsoft’s  recently  released  64-bit  edition  of 
Windows  Server  2003,  we  found  that  when  you  employ  optional,  kernel-mode 
processing  features,  the  operating  system  flies.  When  you  don’t,  it  runs  a  bit 
slower  than  other  64-bit  server  operating  systems  we’ve  tested  recently 


These  Windows  2003  Server  x64  kernel 
options  let  certain  processes  run  at  the 
kernel  code  level  —  in  our  test  case  SSL 
certificate  processing,  caching  and  ses¬ 
sion  handling.  When  you  combine  these 
options  with  mandated  64-bit  hardware 
drivers  and  the  vast  amount  of  memory 
that  a  64-bit  processor  can  address,  you 
can  get  some  of  the  best  performance 
we’ve  seen  on  Intel/AMD  architectures. 

When  we  used  kernel  SSL  processing, 
the  number  of  sustained  users  climbed 
by  90%  over  32-bit  Windows  Server  2003 
processing.  When  compared  with  other 
64-bit  operating  systems  (Red  Hat  Enter¬ 
prise  Linux  4.0  [RHEL  4.0]  Advance 
Server  and  Solaris  10),  Windows  Server 
2003  x64  has  a  15%  to  20%  performance 
advantage. 

Without  the  kernel  processing  options, 
Windows  Server  2003  x64  performed 
slightly  under  par  with  competitive  64-bit 
operating  systems  in  our  testing. 

The  downside  to  these  performance 
gains  is  incompatibility  issues  in  terms  of 
the  hardware  Windows  Server  2003  x64 
can  run  on  and  some  of  the  applications 
it  can  support. 

The  two  generic  AMD64  white-box  sys¬ 
tems  we  tested  were  incompatible  with 
Windows  Server  2003  x64.  One  wouldn’t 
start  the  kernel  or  boot  through  a  kernel 
load.  The  other  had  constant  crashes 
after  installation  that  seemed  to  be  relat¬ 
ed  to  motherboard  memory  timing  and 
additional  SCSI  hardware  driver  issues. 

Two  systems  provided  by  Microsoft 
OEM  partners  —  Fblywell  and  HP  —  had 
no  operational  issues.  Our  primary  test 
server  was  HP’s  four-way  Opteron  DL585 
server.  HP  was  the  only  hardware  vendor 
with  a  full  array  of  hardware  drivers  post¬ 
ed  at  Microsoft’s  Web  site  when  the  64-bit 
operating  system  was  released  in  April. 
Buyers  are  captive  to  OEM  hardware 
providers  for  now.  This  obviously  limits 
hardware  choice:  something  we  didn’t 
experience  with  the  64-bit  editions  of 
Solaris  10,SuSE  SLES  9  or  RHEL  4.0. 

Old  DOS  and  early  16-bit  executables 
(games,  WordPerfect  5.1,  and  Lotus  123 
Version  4)  didn’t  work  at  all  or  worked  ini¬ 
tially  but  then  halted  abruptly.  Microsoft 


employs  a  32-bit  emulator  called  WOW64 
that  is  automatically  invoked  to  run  32-bit 
applications.  We  typically  saw  equal  or 
slightly  better  performance  of  these  32-bit 
applications  on  Windows  Server  2003  x64 
vs.  32-bit  Windows  Server  2003. 

Interpreted  code,  such  as  an  old  Visual 
Basic  application  we’d  written  long  ago, 
worked  very  well  on  this  64-bit  engine. 
And  we  could  find  no  difference  in  exe¬ 
cution  time  of  a  Perl  script  running  on 
Microsoft’s  Internet  Information  Server 
Web  service  in  the  32-  or  64-bit  Windows 
environments. 

Performance 

We  developed  an  SSL  Transaction  script 
using  Spirent  Communications’  Web 
Avalanche  to  gauge  the  number  of  sus¬ 
tained  SSL  transactions  over  a  10-minute 
build  cycle  (see  How  we  did  it,  page  42). 

The  particular  test  ramps  up  the  num¬ 
ber  of  discrete  user  sessions,  and  then  sus¬ 
tains  sessions  until  the  number  of  ses¬ 
sions  dropped  reaches  1%.  Generating 
SSL  sessions  is  CPU-intensive,  and  manag¬ 
ing  multiple  numbers  of  sessions  presents 
a  good  gauge  of  how  many  balls  the  serv¬ 
er  can  keep  in  the  air  before  it  drops  one. 

We  tested  this  script  against  Windows 
Server  2003  (both  32-  and  64-bit  versions) 
and  compared  these  numbers  against 
the  64-bit  2.6.7  kernel  in  RHEL  4.0  and 
Solaris  10  64-bit  Edition.  Both  systems 
were  running  Apache  2.0.3  Web  service 
with  OpenSSLWe  used  default  settings  in 
all  cases,  except  when  we  employed  the 
kernel-mode  SSL  processing  on  Windows 
Server  2003  x64,  as  noted. 

We  took  two  sets  of  Windows  Server 
2003  x64  measurements:  one  reflecting 
the  default  kernel  settings,  and  the  other 
reflecting  the  aforementioned  toggle  that 
allows  SSL  to  be  processed  by  the  kernel. 

The  difference  between  the  results 
were  startling,  and  proves  the  benefit  of 
this  simple  setting.  When  we  ran  these 
tests  on  the  four-way  HP  DL585  server,  the 
operating  system  could  sustain  288,471 
sessions  over  a  10-minute  period  when 
the  SSL  sessions  were  handled  at  the  ker¬ 
nel  level.  Microsoft  states  that  the  kernel 
lacks  this  setting  by  default,  for  backward 
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Using  SSL  to  stress  64-bit  Windows 

By  using  Spirent  Communications'  Web  Avalanche  test  software  to  generate  large 
numbers  of  SSL  transactions,  we  can  assess  many  balls  a  server  operating  system 
can  keep  in  the  air  before  it  drops  one.  When  you  take  advantage  of  an  optional 
feature  in  Windows  Server  2003  x64  that  lets  it  process  SSL  requests  at  the  kernel 
level,  Microsoft  beats  the  competition  hands  down.  Without  that  optional  setting, 
Windows  Server  2003  x64  may  not  be  able  to  handle  as  many  sessions  as  Red  Hat 
Enterprise  Linux  4.0  Advanced  Server  or  Sun  Solaris  10. 


Operating  system 

Windows  Server  2003  x64  (native  kernel) 


RHEL  4.0 


124,117 


251,024 


Windows  Server  2003  (32-bit) 


151,902 


SSL  sessions  on  4-way  HP  DL585 
■1  SSL  sessions  on  2-way  Polywell  2200S/2 
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Pushing  64-bit  Windows  with  TCP  connections 

In  ourTCP  transactions  tests  that  measure  how  many  users  get  access  to  and 
are  sustained  by  the  server,  Windows  Server  2003  x64  registered  numbers  pretty 
much  on  par  with  Red  Hat  Enterprise  Linux  4.0  Advanced  Server,  when  both  sets 
of  tests  are  taken  into  acount. 


Operating  system 
Windows  Server  2003  x64  (native  kernel) 

Solaris  10 
RHEL  4.0 

Windows  Server  2003  (32-bit)  88,116 


Maximum  open  TCP  sessions 
106,217 

172,905 

161,600 


Operating  system 


TCP  sessions  per  second  on  HP  DL585 


Windows  Server  2003  x64  (native  kernel)  2,505 

Solaris  10  2,336 

RHEL40  ~  2,521 

Windows  Server  2003  (32-bit)  1,276 
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Clear  Choice  lest 
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compatibility  reasons. 

'Hie  Windows  Server  2003  x64  native-ker¬ 
nel  SSL  session  load  was  fast  (207,202  ses¬ 
sions),  but  not  as  fast  as  RHEL  4.0  (251,024 
sessions). 

We  also  used  two  prior  tests  for  compari¬ 
son  —  the  number  of  maximum  open  TCP 
sessions,  which  measures  how  many  can 


be  sustained,  and  the  number  of  TCP  ses¬ 
sions  per  second  each  operating  system 
could  support,  to  gauge  how  fast  the  sys¬ 
tem  can  ramp  them  up. 

In  the  maximum  TCP  transaction  test, 
Windows  Server  2003  x64  bested  RHEL  4.0 
but  fell  behind  Solaris  10.  In  the  TCP  trans¬ 
action  per  second  measurements,  Micro¬ 


soft  beat  Sun,  but  fell  behind  Red  Hat. 

Summary 

On  the  surface,  little  has  changed  be¬ 
tween  Windows  Server  2003  32-  and  64-bit 
versions,  but  performance  numbers  accen¬ 
tuate  the  musculature  of  the  hardware  and 
memory-addressing  space  beneath.  Win¬ 


dows  Server  2003  x64  is  a  strong  performer, 
especially  when  nominally  tweaked  to  take 
advantage  of  kernel-level  options. 

However,  driver  and  hardware  support  is 
weak  enough  that  Microsoft  requires  buyers 
to  tap  OEM-related  vendors  for  sourcing 
Windows  Server  2003  x64  products.  When 
these  issues  are  resolved,  we’ll  give  it  a 
stronger  recommendation  —  because  it’s 
otherwise  stable,  fast  and  fully  baked. 

Henderson  is  principal  researcher  for 
Extremehabs  in  Indianapolis.  He  can  be 
reached  at  thenderson@extremelabs.com. 


How  We  Did  It 


We  tested  hardware-platform  compatibility  by  testing 
the  64-bit  Windows  Server  2003  Enterprise  x64  Edition 
on  four  platforms.  We  had  no  issues  running  the  64-bit 
code  on  our  primary  test  platform,  an  HP  DL585  server  with 
four  AMD  Opteron  2.4-GHz  CPUs  and  12G  bytes  of  dynamic 
RAM  (DRAM).  Nor  did  we  have  issues  with  the  64-bit  code  on 
our  Polywell  2200S  server  with  its  dual  AMD  Opteron  2.8-GHz 
processors  and  4G  bytes  of  DRAM.  However,  we  had  serious 
compatibility  issues  when  we  tried  to  run  the  code  on  an  MSI 
motherboard-based  white  box  system  with  one  AMD  Opteron 
2.8-GHz  processor  and  1G  byte  of  DRAM,  and  on  an  Asus 
K8N  motherboard-based  server  with  one  AMD  Opteron  2.0- 
GHz  CPU  and  1G  byte  of  DRAM. 

The  official  performance  tests  of  Windows  Server  2003  x64 
were  conducted  on  the  HP  DL585.  We  conducted  tests  in  both 
its  native  mode  and  with  its  SSL-enhancements  activated. 

No  other  optimizations  were  used.  The  Windows  server  was 
both  an  Active  Directory  Domain  Controller  (and  therefore 
DNS  server),  and  a  Certificate  Authority.  It  was  running 
Internet  Information  Server  Version  6.  A  single,  anonymous 
Web  user  was  configured  for  ali  Web  tests  where  applicable. 
No  load  balancing  of  any  kind  was  used  in  any  of  the  above 
tests. 

We  used  the  same  HP  DI..585  server  to  test  Solaris  10,  Red 
Hat  Advanced  Server  4  and  SuSE  Linux  Enterprise  Server  9; 
all  with  default  settings,  and  Apache  2.0.3  with  OpenSSL  (for 


SSL  certificate  services).  DNS  was  deployed,  but  LDAP, 
SAMBA  and  SQUID  proxy  were  not  used. 

We  tested  performance  with  two  Spirent  Web  Avalanche 
systems  running  in  parallel. 

The  SSL  tests  were  connected  to  the  Web  Avalanche  sys¬ 
tems  by  three  Gigabit  Ethernet  connections;  two  from  one 
Web  Avalanche  system,  and  one  from  the  other. 

The  SSL  test  builds  a  set  of  user  SSL  sessions,  via  HTTPS 
reads  from  the  server  under  test,  until  the  number  of  concur¬ 
rent  users  reaches  a  saturation  point  (generating  1%  errors), 
which  we  term  Maximum  Concurrent  Sessions,  This  test 
severely  exercises  the  CPUs  in  the  system  and  requires  man¬ 
agement  of  the  user  session  throughout  the  duration  of  the 
tests  through  "keep-alive”  connection  status  “tickles"  from  the 
Web  Avalanche  boxes.  The  test  is  designed  to  exercise  the 
Web  services  and  operating  system  efficiencies  until  satura¬ 
tion.  The  duration  of  the  test  is  10  minutes,  but  saturation  for 
all  results  arrived  earlier. 

We  also  performed  TCP  Open  Connection  and  TCP 
Maximum  Connection  tests,  and  offer  other  prior  test  results 
for  comparison. 

The  TCP  Open  Connection  Test  is  a  gauge  of  the  number  of 
TCP  sessions  that  can  be  achieved  per  second,  while  the  TCP 
Maximum  Connection  test  measures  the  number  of  open  TCP 
Connections  that  can  be  sustained  until  an  error  rate  exceeds 
5%  (in  dropped  connections). 
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reliability,  Tripp  Lite  offers  a  complete  line  of 
reliable  power  protection  solutions  to  shield 
computers,  servers,  hubs  and  other  equipment 
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MPLS-based 
services  help 
data  centers 


panies  must  choose  between  high  reliabil¬ 
ity  and  essentially  paying  for  a  duplicate 
backup  WAN.  Capabilities  such  as  switched 
virtual  circuits  (SVC)  can  mitigate  the  cost, 
but  increase  operational  complexity  Com¬ 
panies  need  to  configure  SVCs  to  switch 
automatically  to  the  back-up  sites  in  the 


event  of  a  failure,  and  test  their  configura¬ 
tions  regularly.  Again,  MPLS’s  any-to-any 
capability  can  help. 

MPLS-based  services  aren’t  for  everyone, 
but  data  center  managers  engaged  in  con¬ 
solidation,  looking  to  load  balance  across 
multiple  data  centers,  or  with  requirements 
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for  VoIP  or  high  availability  should  defi¬ 
nitely  consider  them. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


Only  took  you 
2  minutes  to  audit 
the  entire  network? 


Don't  tell  anyone 
or  they'll  find 
something  else 
for  you  to  do! 


■  BY  JOHNA  TILL  JOHNSON 

Architects  of  next-generation  data  cen¬ 
ters  need  to  think  seriously  about  how 
Multi-protocol  Label  Switching  fits  into 
their  plans.  That  might  seem  counterintu¬ 
itive:  MPLS  is  a  WAN  technology,  which 
doesn’t  directly  apply  to  data  centers.  But 
MPLS-based  services  can  deliver  value  for 
certain  types  of  data  center  architectures. 

There  are  four  key  ways  in  which  MPLS- 
based  WAN  services  can  affect  data  center 
architectures: 

First,  MPLS  can  provide  load  balancing 
across  multiple  data  centers.  One  of  the 
benefits  of  MPLS  is  cost-effective,  highly  reli¬ 
able,  any-to-any  connectivity  Technologies 
such  as  ATM  and  frame  relay  are  priced  by 
the  (virtual)  circuit,  which  encourages 
designing  WANs  with  the  fewest  possible 
circuits.Such  designs  are  typically  hub-and- 
spoke,with  remote  sites  connecting  to  cen¬ 
tral  sites.  This  works  well  in  a  scenario  in 
which  a  cluster  of  regional  sites  is  served  by 
dedicated  data  centers.  But  as  companies 
consolidate  data  centers,  there’s  an  increas¬ 
ing  chance  that  remote  sites  will  need  to 
access  more  than  one  data  center.  MPLS- 
based  services  provide  a  cost-effective  way 
for  remote  sites  to  connect  to  multiple  data 
centers  —  and  if  the  data  centers  contain 
redundant  applications  or  data,  to  load-bal¬ 
ance  between  them. 

Second,  there’s  the  emergence  of  next- 
generation  computing  technologies  such 
as  grid  computing,  peer-to-peer  and  Web 
services.  As  noted,  MPLS-based  services 
excel  at  providing  high-performance  any- 
to-any  connectivity  Web  services  and  peer- 
to-peer  networking  generate  any-to-any 
traffic  patterns;  grid  computing  does  the 
same.  Moreover,  grid,  Web  services  and 
peer-to-peer  applications  often  require 
QoS  capabilities.  Organizations  seeking  to 
deploy  these  technologies  across  a  WAN 
should  definitely  look  into  MPLS. 

Companies  moving  to  IP  PBXs  also  might 
find  MPLS-based  services  worthwhile. 
MPLS’s  QoS  capabilities  are  tailor-made  for 
voice  —  and  it’s  generally  a  good  idea  to 
locate  PBXs  in  highly  available,  fully  redun¬ 
dant  environments  such  as  data  centers. 

Finally,  one  of  the  major  challenges  of 
older  WAN  architectures  is  how  to  provide 
cost-effective  redundant  connectivity  to 
backup  sites.  WAN  services  that  charge  by 
the  circuit  create  scenarios  in  which  com- 
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Cyclades  AlterPath™  System  is  the  industry's  most  comprehensive  Out-of-Band 
Infrastructure  (OOBI)  system.  The  AlterPath  System  allows  remote  data  center 
administration,  eliminating  the  need  for  most  time-consuming,  remedial  site 
visits.  When  fully  deployed  in  your  data  center,  Cyclades  AlterPath  System  lowers 
the  risks  associated  with  outages,  improves  productivity  and  operational 
efficiency,  and  cuts  costs. 
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Each  component  of  the  AlterPath  System  is  designed  to  seamlessly  integrate 
into  the  enterprise,  able  to  scale  in  any  direction.  Whether  you  need  serial 
console  management  of  networking  equipment,  KVM  for  access  to  Windows® 
servers,  branch  management,  IPMI  or  HP  iLO  for  service  processor 
management,  or  advanced  power  management,  the  AlterPath  System  delivers. 
Cyclades  brings  it  all  together,  making  OOBI  administration  seem  like  child's  play. 
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■  CAREER  DEVELOPMENT 

■  PROJECT  MANAGEMENT 

■  BUSINESS  JUSTIFICATION 


Security  best  practices 

Network  protection  requires  striking  the  right  balance  between  risk  and  cost. 


■  BY  DAVID  LAWSON 

Best  security  practices  don’t  exist.  If  they  did,  the  company  imple¬ 
menting  them  would  be  spending  too  much  money  trying  to 
secure  its  information,  and  worse,  more  than  likely  stopping  the 
business  from  operating.  The  best  practice  an  organization  could 
do  is  to  evaluate  its  risk,  comply  with  applicable  standards  at  the 
minimum  level  required,  and  implement  just  enough  control  to 
achieve  that  state. 

There  are  organizations,  such  as  certain  three-letter  government  agencies,  or  R&D 
aspects  of  firms  with  high-value  intellectual  property  transactional  or  money  transfer 
systems,  that  require  best  and  state-of-the-art  security  For  most  of  the  IT  world,  success¬ 
ful  IT  professionals  balance  the  cost  and  onerousness  of  security  controls,  and  IT  costs 
in  general,  to  obtain  an  appropriate  and  acceptable  level  of  risk. 

The  Food  and  Drug  Administration’s  Web  page  on  information  security  states  that  GxP 
is  the  current  standard  for  various  regulatory  compliance  areas  for  pharmaceutical 
companies.  GxP  represents  Good  Prac- 


A  risk  assessment  was  performed.  Although  important,  the  remote  site  could  be  down  for 
several  hours  before  a  significant  effect  would  be  felt  by  the  overall  organization.  The 
office  and  network  staff  overestimated  the  importance  of  the  operation  to  the  business 
and  built  a  design  almost  four  times  as  expensive  as  it  needed  to  be,  based  on  the  cost  to 
buy  highly  available  equipment  and  twice  as  much  of  it.The  security/risk  team  suggested 
a  lower  level  of  availability  equipment  and  saved  the  organization  money.  The  best  prac¬ 
tice  was  too  much  for  the  job. 

There  is  a  simple,  facilitated  procedure  to  do  this,  normally  at  one  of  the  meetings  that  is 
already  a  part  of  the  design  and  decision-making  process. The  National  Institute  of  Stan¬ 
dards  and  Technology  800-30  process  says  to  identify  threats  and  vulnerabilities  and  iden¬ 
tify  controls  mitigating  those  risks  already  deployed  (“current  controls”). Keeping  those  in 
mind,  estimate  the  likelihood  of  the  threat  and  the  impact  of  the  exploit  of  the  vulnerabil¬ 
ity  This  defines  the  “risk”. 

The  easiest  way  to  do  this  is  to  make  a  list  of  all  the  threats  and  vulnerabilities.  Most  peo¬ 
ple  who  aren’t  accustomed  to  abstract  risk  concept  tend  to  group  threats  together  as  a 
“bad  thing  that  could  happen.”  Listing  threats  as  one  makes  the  procedure  easier  to  IT  and 
business  to  follow  and  provide  valid  input.  Group  similar  things  together  and  gain  con¬ 
sensus  on  the  final  list. 

The  goal  should  be  to  have  a  reasonably  sized  list  —  10  to  50  is  a  good  amount.  For  exam¬ 
ple  “unauthorized  access  to  a  Web  application”  can  catch  all  the  hacking,  exceeding  autho¬ 
rized  access,  and  looking  at  other  information  risks  to  a  company  From  this  list,  rate  each  one 

as  high,  medium  or  low  for  probability  and 


Analyzing 
investment  options 


PKI  and  smart  cards  to  reduce 
risk  of  unauthorized  access  to 
static  web  page  -  high  cost  to 
implement,  low  reduction  of 
risk.  Choose  lower  cost  control. 


tices,  not  best  practices.  That  is,  Good 
Manufacturing  Practice  or  Good  Clin¬ 
ical  Practice.  This  is  a  bit  odd:  Good 
enough  was  the  plan  of  the  day  for 
manufacturing  life-saving  drugs. 

Looking  further,  building  codes  define 
“minimal  acceptable  standards”  that 
homes,  lots  and  structures  have  to  meet 
to  be  used.  Similarly  in  the  legal  commu¬ 
nity  there  is  the  standard  of  the  reason¬ 
ably  prudent  person.  Doctors  and  other 
professionals  are  typically  only  held  to  a 
standard  of  reasonable  or  ordinary  care, 
not  excellent  or  the  best  possible  care. 

So  IT  and  business  professionals 
should  not  be  asking  for  best  practices, 
they  should  determine  appropriate  and 
reasonable  controls  to  protect  informa¬ 
tion  and  maintain  compliance  with  fed¬ 
eral  regulations.  Interestingly,  even  the 
regulatory  guidelines  allow  flexibility  in 
approach  to  controls,  as  long  as  the  in¬ 
formation  is  adequately  protected  and 
based  on  the  use  of  a  documented  risk 
assessment  to  determine  this  reason¬ 
ableness  and  appropriateness. 

To  determine  if  you’re  spending  the 

appropriate  amount  on  security  controls,  perform  risk  assessments  for  every  significant 
technology  decision.  Documenting  the  outcome  and  how  you  arrived  at  your  decision 
helps  your  organization  meet  regulatory  and  legal  requirements,  and  earns  you  the  respect 
and  admiration  of  the  business  units  and  bean  counters. 

Take,  for  example,  a  network  architecture  migration.  Engineers  presented  a  fully  redun¬ 
dant,  resilient  design  for  a  branch  office.The  design  specifications  were  based  on  what  the 
engineers  termed  a  “best  practice”  and  on  input  from  the  remote  workers  who  said  they 
had  to  be  on  the  network,  or  their  work  would  grind  to  a  halt. 
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To  determine  the  amount  of  control  you  need, 
use  this  matrix  to  map  the  risk  reduction  to 
the  cost  of  the  control.  Something  that  has  a 
high  risk-reduction  impact  and  low  cost,  such 
as  implementing  a  DMZ  off  a  firewall,  should  be 
implemented  immediately. 


PKI  and  smart  cards  to  reduce  risk 
of  unauthorized  access  to  corporate 
finance  systems  -  high  cost  to 
implement  -  high  reduction  of  risk 
to  implement  control. 


Upgrade  to  MPLS  on 
backbone  -  medium 
cost  increase  compared 
with  current  link, 
medium  reduction  to 
risk  of  availability  on 
WAN.  Evaluate  growth 
plans  and  decide 


Medium 

Impact  to  risk 


impact.  This  should  be  fairly  simple  to  do: 
Most  people  intuitively  know  viruses  occur 
frequently  and  natural  disasters  don’t. 

Use  this  list  to  gauge  the  amount  of  con¬ 
trol  you  need.  Obviously  a  high  probabili¬ 
ty/high  impact  risk  needs  more  con¬ 
trol  to  bring  it  to  a  medium/medium, 
or  a  low/medium.  Something  that  re¬ 
duces  a  high/high  to  a  low/low  has 
normally  reduced  too  much  risk  and 
cost  too  much.  Use  a  simple  chart  (see 
graphic)  to  map  the  risk-reduction  to 
the  cost  of  the  controls.  A  high-risk  re¬ 
duction  impact  that  has  a  low  cost 
should  be  implemented  immediately 
For  example,  an  internal 
firewall  to  control  access 
to  payroll  and  finance  is 
critical  for  Sarbanes-Oxley 
Act  compliance.  However, 
a  high  cost/low  reduction 
control, such  as  using  simi¬ 
lar  firewalls  to  segment 
every'  server  in  the  compa- 


Put  DMZ  off  firewall  to  protect 
mail  and  Web  servers  -  low 
cost  to  utilize  unused  network 
interface  card,  high  impact. 
Implement  control  immediately. 


ny  is  probably  a  waste  of  money 
A  successful  IT  professional  leader  should 
focus  on  how  much  risk  needs  to  be  allevi¬ 
ated,  and  how  much  will  various  controls  cost  to  do  that.  When  you  really  do  need  to 
implement  an  additional  control,  this  process  will  help  you  pick  the  least-expensive  one. 

As  David  Lynas,  executive  director  of  security  organization  The  SABSA  Institute,  says, 
“Spend  absolutely  every  penny  you  need  to  on  security .  .but  not  a  penny  more." 

Lawson  is  vice  president/director  of  the  Global  Security  Practice  and  Facility  Sec  itruy 
Officer  at  Greenwich  Technology  Partners.  He  can  be  reached  at  dlau>son@greenwich 
tech.com. 
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CDI  offers: 

1-«  Hardware  encryption  over  dial-up 
and  network  connections 
RSA  certified  SecurlD  authentication 
without  a  network. 

Patented  central  management  of  all 
remote  devices 


Full  NIST,  FIPS  1 40-2  certifications  •~J~ 

Remote  Power  control 

Homologous  world-wide  approved  •-J“ 
internal  modems 


CDI  has  been  building  encryption  equipment  for  over  fifteen  years.  Our  customers  and  partners  include 
major  financial  institutions,  government  agencies,  major  telcos,  utilities,  and  the  United  States  military. 


Communication  Devices  Inc. 
www.outofbandmanagement.com 
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Terminal  server  vendors,  who  proclaim  that 
they  have  Secure  Out  Ot  Band  products,  rely 
on  RADIUS,  TACACS+  and  other  in-band 
protocols  to  provide  security.  By  inference, 
they  imply  they  secure  out  of  hand  access 
when,  in  fact,  they  otter  only  network  security, 
which  conflicts  with  out  of  band  access. 


A  true  Secure  Out  of  Band  Management 
solution  should  provide  strong  security  without 
reliance  upon  network-based  protocols. 


How  Do  You 
Distribute 

20,000  Watts  in 

Your  Cabinet? 

Sentry  CDU  Cabinet  Power  Distribution 


High-density  Equipment  Cabient  Power  Distribution 

84-Outlet  Receptacles 

20,000  Watt  3-Phase  Power  Distribution  Model 

1 0,000  Watt  208  VAC  Power  Distribution  Model 

True  RMS  Power  Monitoring  per  Branch  Circuit 
Local:  Digitial  Displays,  Remote:  via  Interface 

Input  Power  Monitoring  Facilitates  Load  Balancing 

Web  Interface 

SNMP,  MIB  &  Traps 

Integrated  Temperature  &  Humidity  Probes 

Color-coded  Outlets  by  Branch  Circuit/Electrical 
Phase  for  Easy  Identification 

Center  Rail  '  Notch"  for  Simplifying  Cabinet  Installation 


©Server  Technology,  Inc  Sentry  is  a  trademark  of  Server  Technology,  Inc 


Server 

Technology 

■Soiutrofts  for  .{foe  .Data  Center  Equipment  Cabin et 

Power  demai.  Is  from 
today's  new  servers  require 
greater  power  distribution 
in  the  equipment  cabinet. 
The  Sentry  CDU  distributes 
power  for  up  to  42  dual¬ 
power  1 U  servers  in  one 
enclosure.  Single-phase  or 
3-phase  input  with  110  VAC, 
208  VAC  or  mixed  110  208 
VaC  single-phase  outlet 
receptacles. 
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Server  Technology,  Inc. 

1.04G  SaftdNII  Drive 
1  895 


toll  free  +1 .800  83b  1515 

1.775  2  .  20C 
5.28 

www;serverttch  com 
sales@servertech.com 


TAP  into  Performance 

Monitor  mission-critical  links  with  the 
latest  technology  through  new  nTAPs 

Stop  jeopardizing  network  performance  and  risking  costly  downtime.  Be  confident  you 
have  maximum  visibility  into  your  full-duplex  links  by  configuring  an  nTAP  solution  that 
fits  your  network  and  budget.  Visit  www.networkTAPs.com/visibility  today. 


Ethernet  Copper  nTAP 

For  copper-to-copper  connections 
Choose  your  speed: 

10/100 . $395 

10/100/1000 . $995 


10/100/1000  Conversion  nTAP 

Copper  input  with  copper  or 
fiber  output  options 
Choose  your  analysis  output: 

SX . $1,995 

LX . $1,995 
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Optical  Fiber  nTAP 

Multiple  split  ratios 

Choose  your  port  density: 

Single  channel . 

. $395 

Four  channel . 

$1,795 

Six  channel . 

$2,395  ^ 

_ A 

To  learn  more  about  how  nTAPs  can  boost  your  network  visibility  and  which  configuration  option 
is  best  for  you,  go  to  www.networkTAPs.com/visibility  or  call  866-GET-nTAP  today. 

Free  overnight  delivery* 
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‘Free  overnight  delivery  on  all  U.S.  orders  over  $300.00  confirmed  before  12  pm  CST. 

nTAP  and  the  nTAP  logo  are  trademarks  oi  registered  trademarks  of  Network  Instruments.  LIC 
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SENSAPHONE^ 

IMS 


Sends 
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Monitors 

64 

IP  addresses 


Embedded 

Web 

Server 


Sends 

E-Mail 


Power 

Outage 

Alarming 


Internal 

UPS 


Power 

Control 

Interface 


I  Internal  Voice, 
Ethernet  Modem 
Port  fit  Pager  Port 


8  R|-45  Sensor  Inputs 

(Temperature,  Humidity, 
Water,  Motion,  Power, 
Smoke/Fire) 


Microphone 

for  Sound 
Monitoring 


BE  NOTIFIED  BEFORE  CRITICAL  EVENTS  TURN  INTO  DISASTER! 


•  Eight  environment  inputs 

•  Power  sensing 

•  Monitors  64  IP  addresses 

•  Send  alerts  to  64  people 

•  8  methods  of  contact 

•  Calendar  scheduling 

•  Expands  to  256  sensors 

•  Remote  power  control 

•  Optional  camera 


The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical  environ¬ 
mental  and  network  elements  in  your  server 
room,  data  center,  or  telecomm  installation  and 
reports  to  you  instantly  when  events  threaten 
your  infrastructure.  The  IMS-4000  keeps  watch 
so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 


Phonetics,  Inc. 

Tel:  877-373-2700 

901  Trye  s  Road 

www. in'  -4000.com 

As  >n,  PA  19014 

www.networkworlcl.com 
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LOCAL  OR  REMOTE  SERVER  MANAGEMENT  SOLUTIONS 


UltraMatrix™ 

Remote 


KVM  OVER  IP 


MATRIX  KVM  SWITCH  WITH 
INTEGRATED  REMOTE  ACCESS  OVER  IP 


System-wide  connectivity  locally  or  over  IP  from  any  location 
worldwide 

Connects  1,000  computers  to  up  to  256  user  stations 
Supports  PC,  Sun,  Apple,  USB,  UNIX, 
and  serial  devices 

High  quality  video  up  to  1280  x  1024 

Secure  encrypted  operation  with  login  and  computer  access  control 

Scaling,  scrolling,  and  auto-size  features 

View  real-time  4  computer  connections  using  the  quad-screen 

mode 


UltraMatrix™ 

E-series 

KVM  SWITCH 


PROFESSIONAL  MULTI-USER  KVM  SWITCH 
2  -  4  KVM  STATIONS  TO  1,000s  OF  COMPUTERS 


The  UltraMatrix  Remote  represents  the  next  generation  in  KVM  switches.  It  not  only 
provides  a  comprehensive  solution  for  remote  server  console  access,  this  access  can 
be  local  or  from  any  workstation  on  your  network  over  IP. 


■  KVM  RACK  DRAWER  WITH  KVM  SWITCH  OPTION 

The  RackView  offers  the  latest,  most  efficient  way  to  organize  and 
streamline  your  server  rooms  and  multiple  computers.  The 
RackView  is  a  rack  mountable  KVM  drawer  neatly  fitted  in  a 
compact  pull-out  drawer.  This  easy-glide  KVM  drawer  contains  a 
high-resolution  TFT/LCD  monitor,  a  tactile  keyboard,  and  a  high- 
resolution  touchpad  or  optical  mouse. 


KVM  SWITCH  •  PC  or  multi-platform  (  PC/Unix,  Sun,  App  e,  others) 

•  On-screen  menu  informs  you  of  connection  status 
between  units  in  an  expanded  system 

•  Powerful,  expandable,  low  cost  ... 

•  No  need  to  power  down  most  servers  to  install  ■  ;• 

•  Security  features  prevent  unauthorized  access  '*  . 

•  Free  lifetime  upgrade  of  firmware  '  .  > 

•  Video  resolution  up  to  1600  x  1280  . 

•  Available  in  several  models  v 

•  Easy  to  expand  •  '••••  .v;  ;V«.. 

■  ••.'./■*  .,.w.  ; 

The  UltraMatrix  E-Series  represents  the  latest  in  KVM  matrix  switch  technolog,  at+ •  . 
an  affordable  price.  The  E-Series  allows  you  to  connect  up  to  256  users  to  as 
many  as  1,000  computers.  The  UltraMatrix  E-Series  is  available  In  several 
2x4,  2x8,  2x16,  4x4,  4x8,  4x16,  1x8,  and  1x16  and  either  PC  of  multi-  p.lat#C 
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RackView 

Fold-Forward 


RackView 

Fold-Back 


RackView 
LCD  Monitor 
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ROSE  US  +281  933  7673 

ROSE  EUROPE  +44  (0)  1 264  850574 
ROSE  Asia  +65  6324  2322 
ROSE  Australia  +617  3388  1 540 


800-333-9343 

WWW.ROSE.COM 
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Choose  a  network  analyzer  that  puts  you  in  the  driver's  seat. 


FORESIGHT 
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NETWORK 

INSTRUMENTS 


How  much  does  your  network  analyzer  see? 

Observer  is  the  only  fully  distributed  network  analyzer  built 
to  monitor  the  entire  network  (LAN,  802.1  la/b/g.  Gigabit, 
WAN).  Download  your  free  Observer  10  evaluation  today 
and  see  how  Observer  puts  you  in  the  driver's  seat  with  more 
real-time  statistics,  more  in-depth  analysis  and  more  network 
advantages  than  ever  before. Choose  Observer. 

-CRPflC  i  tv  PLRnn  i  no-  Determine  how  much  bandwidth 
your  router  will  need  based  on  historical  usage  patterns  with 
Network  Trending. 

-FORES  i  Ght  -  Predict  how  network  changes  will  affect 
your  response  times  with  "What-lf"  Modeling  Analysis. 

-no  5 1  GnRi  -  Find  rogue  access  points,  monitor  access 
point  load  and  scan  wireless  channels  continuously  with  over 
50  WLAN  Expert  Conditions. 


US  &  Canada 


toll  free  800.526.5958 
fax  952.932.9545 


UK  &  Europe  +44(0)1959569880 

www.networkinstruments.com/analyze 


5/30/05 


www.networkworld.com 


M  Salas  Offices 

# 


Carol  Lasker,  Associate  Publisher/Vice  President 
Jane  Weissman,  Sales  Operations  Manager 
Internet:  clasker,  jweissman@nww.com 
(508)  460-3333/FAX:  (508)  460-1237 


New  York/New  Jersey 

Tom  Davis,  Associate  Publisher,  Eastern  Region 
Elisa  Della  Rocco,  Regional  Account  Director 
Agata  Joseph,  Senior  Sales  Associate 
Internet:  tdavis,  elisas,  ajoseph@nww.com 
(201 )  634-2300/FA X:  (201)  634-9286 _ 

Northeast 

Elisa  Della  Rocco,  Regional  Account  Director 

Internet:  elisas@nww.com 

(508)  460-3333/FAX:  (508)  460-1237 

Mid-Atlantic 

Jacqui  DiBianca,  Regional  Account  Director 
Renee  Wise,  Sales  Assistant 
Internet:  jdibian,  rwise@nww.com 
(610)  971-1530/FAX:  (610)  975-0837 

Midwest/Central 

Tom  Davis,  Associate  Publisher,  Eastern  Region 
Agata  Joseph,  Senior  Sales  Associate 
Internet:  tdavis,  ajoseph@nww.com 
(201)  634-2314/FAX:  (201)  712-9786  


,  Southeast 

'  Don  Seay,  Regional  Account  Director 
Renee  Wise,  Sales  Assistant 
Internet:  dseay,  rwise@nww.com 
(404)  504-6225/FAX:  (404)  504-6212 


i  Northern  California/Northwest 

Sandra  Kupiec,  Associate  Publisher,  Western  Region 
Karen  Wilde,  Regional  Account  Director 
I  Courtney  Cochrane,  Regional  Account  Director 
VanessaTormey,  Regional  Account  Manager 
Teri  Marsh,  Sales  Assistant 
Jennifer  Hallett,  Sales  Assistant 
Internet:  skupiec,  kwilde,  ccochrane,  vtormey,  tmarsh, 
jhallett@nww.com 
(510)  768-2800/FAX:  (510)  768-2801 


.  Southwest/Rockies 

'  Becky  Bogart  Randell,  Regional  Account  Director 
Internet:  brandell@nww.com 
(949)  250-3006/FAX:  (949)  833-2857 


Online/integrated  Solutions 

Kevin  Normandeau,  Vice  President,  Online 

Susan  Cardoza,  National  Sales  Director,  Integrated  Solutions 

Scott  Buckler,  Director  of  Integrated  Solutions 

Stephanie  Gutierrez,  Online  Acct  Manager,  Integrated  Solutions 

James  Kalbach,  Director  of  Integrated  Solutions 

Debbie  Lovell,  Online  Account  Manager,  Integrated  Solutions 

Kate  Zinn,  Director  of  Integrated  Solutions 

Denise  Landry,  Sales  Coordinator 

LisaThompson,  Sales  Coordinator 

Internet:  knormandeau,  scardoza,  sbuckler,  sgutierrez, 

jkalbach,  dlovell,  kzinn,  dlandry,  lthompson@nww.com 

(508)  460-3333/FAX:  (508)  861-0467 


MARKETPLACE/EMERGING  MARKETS 

Donna  Pomponi,  Director  of  Emerging  Markets 

Enku  Gubaie,  Manager  of  Marketplace/Emerging  Markets 

Caitlin  Horgan,  Manager  of  Marketplace/Emerging  Markets 

Jennifer  Moberg,  Manager  of  Marketplace/Emerging  Markets 

Chris  Gibney,  Sales  Operations  Coordinator 

Internet:  dpomponi,  egubaie,  chorgan,  jmoberg, 

cgibney@nww.com 

(508)  460-3333/FAX:  (508)  460-1192 


^sr 


vf 


■  Network  World,  Inc. 

118Turnpike  Road,  Southborough,  MA  01772 
Phone:  (508)  460-3333 

TO  SEND  E-MAIL  TO  NWW  STAFF 

firstname_lastname@nww.com 

EvileeThibeault,  CEO/Publisher 
John  Gallant,  President/Editorial  Director 
W.  Michael  Draper,  Chief  Operating  Officer 
Eleni  Brisbois,  Administrative  Planning  Manager 

FINANCE 

Mary  Fanning,  Vice  President  Finance 

Paul  Mercer,  Finance  Manager 

Betty  Amaro-White,  Event  Finance  Manager 

HUMAN  RESOURCES 

Patricia  Duarte,  Vice  President  Fluman  Resources 
Eric  Cormier,  Sr.  Human  Resources  Generalist 

MARKETING 

TerryAnn  Croci,  Sr.  Director  of  Customer  Experience 
Nancy  Sarlan,  Corporate  Marketing  Communications  Mgr. 
Barbara  Sullivan,  Senior  Research  Analyst 
Judy  Schultz,  Marketing  Design  Manager 
Cindy  Panzera,  Marketing  Designer 
PRODUCTION  SERVICES 

Greg  Morgan,  Senior  Director,  Production  Services 
Karen  Wallace,  Senior  Director,  Advertising  Operations 
Mike  Guerin,  Manager  of  Production  Technologies 
JamiThompson,  Sr.  Production  Coordinator 
VeronicaTrotto,  Online  Operations  Coordinator 
Jane  Wilbur,  Online  Ad  Traffic  Coordinator 
Maro  Eremyan,  Advertising  Coordinator 
Christina  Pankievich,  Advertising  Coordinator 
CIRCULATION 

Richard  Priante,  Senior  Director  of  Circulation 

Bobbie  Cruse,  Subscriptions  Manager 

Mary  Mclntire,  Sr.  Circulation  Marketing  Manager 

RESEARCH 

Ann  MacKay,  Research  Director 

DISTRIBUTION 

Bob  Wescott,  Distribution  Manager/(508)  879-0700 
IDG  LIST  RENTAL  SERVICES 

Amy  Bonner,  Account  Executive 

P.O.  Box  9151,  Framingham,  MA  01701-9151 

Toll  free:  (800)  434-5478  ext.  6026/Direct:(508)  370-0826 

Fax:  (508)  370-0020 

SEMINARS.  EVENTS  AND  IDG  EXECUTIVE  FORUMS 

Neal  Silverman,  Vice  President  of  Events  &  E.  F. 

Mike  Garity,  Director  of  Business  Development 

Michele  Zarella,  Director  of  Operations 

Dale  Fisher,  Senior  Event  Planner 

Jacqueline  DiPerna,  Event  Coordinator 

Karen  Bornstein,  Sales  Operations  Specialist 

Danielle  Bourke,  Event  Operations  Coordinator 

Andrea  D'Amato,  National  Sales  Director  Events 

Kristin  Ballou-Cianci,  Event  Regional  Account  Director 

Jennifer  Sand,  Regional  Account  Manager 

Cedric  Fellows,  Regional  Account  Manager 

Grace  Moy,  Exhibit  Sales  Manager 

Debra  Becker,  Dir.,  Marketing  &  Audience  Development 

Sara  Nieburg,  Senior  Marketing  Manager 

Dori  Smith,  Event  Database  Manager 

Buster  Paris,  Marketing  Specialist 

ONLINE  SERVICES 

Kevin  Normandeau,  Vice  President,  Online 

Dan  Gallagher,  Director  of  Audience  Development,  Online 

Norm  Clean,  Director  of  Business  Development,  Online 

Adam  Gaffin,  Executive  Editor,  Online 

Melissa  Shaw,  Managing  Editor,  Online 

Jason  Meserve,  Multimedia  Editor 

Sheryl  Hodge,  Sr.  Online  Copy  Chief 

Deborah  Vozikis,  Design  Manager  Online 

CLIENT  SERVICES 

W.  Michael  Draper,  Chief  Operating  Officer 
Sharon  Stearns,  Director  of  Client  Services 
Leigh  Gagin,  Client  Services  Manager 
Kristin  Miles,  Client  Services  Specialist 
INFORMATION  SYSTEMS/BUSINESS  SERVICES 
W.  Michael  Draper,  Chief  Operating  Officer 
Tom  Kroon,  Director  of  Systems  Development 
Anne  Nickinello,  Senior  Systems  Analyst 
Puneet  Narang,  Manager  of  DatabaseTechnologies 
Wiiiiam  Zhang,  Senior  Software  Engineer 
Manav  Seghal,  Senior  Software  Engineer 
Rocco  Bortone,  Director  of  Network  IT 
Peter  Hebenstreit,  Senior  Network/Telecom  Engineer 
Brian  Wood,  Senior  Systems  Support  Specialist 
Frank  Coelho,  Senior  Manager,  Business  Services 
Mark  Anderson,  Business  Services  Supervisor 
Linda  Cavanagh,  Business  Services  Administrator 


IDG 

Patrick  J.  McGovern,  Chairman  of  the  Board 

Pat  Kenealy,  CEO 

NeAvork  World  is  a  publication  of  IDG,  the  world's  largest 
pylfisher  of  computer-related  information  and  the  leading 
>al  provider  of  information  services  on  information  tech- 
nwogy.  IDG  publishes  over  300  computer  publications  in  75 
iuntries.  Ninety  million  people  read  one  or  more  IDG  publi¬ 
cations  each  month.  Network  World  contributes  to  the  IDG 
lews  Service,  offering  the  latest  on  domestic  and  interna¬ 
tional  computer  news. 


NetworkWorld 


Editorial  Index 


■  A 

■  K 

Ar.r.tnn  Ter.hnnlngy 

19 

Kodak 

34 

Alera  Tfir.hnnlngifis 

34 

Apple 

m 

■  N! 

34 

MO 

6,93 

AT  AT 

18 

Microsoft 

8.24.  ,28. 35 

■  B 

■  N 

RrightWnrk 

PR 

Netcraft 

2Q 

■  G 

■  0 

40 

Oracle 

25 

r.isnn 

8,  19 

rise 

1 

■  Q 

Qwest 

6,  P8 

■  D 

■  R 

Dasktnp.Stanrfarrt 

8 

Reactivity 

13 

■  E 

as 

Fnigmater. 

1? 

Sage  Software 

PR,  3R 

■  F 

Sprint 

29 

Finefirnunri  Networks 

8 

Fisr.hfir  International 

P0 

■  T 

8 

Tumbleweed  Communications 

19 

■  H 

■  V 

HP 

in 

Veritas 

8 

Vir.sa  .Sy.stpm.s 

15 

■  i 

■  w 

[RM 

19.  PR 

WeatherRng 

5Q 

■  J 

Juniper  Networks 

12 

■  Advertiser  Index 

URL 


14 

44 

FMC  Dorp 

13 

wwwFMD  rnm/harkup 

32 

16-17 

4 

26-27 

ihm.rnm/psprvpr/hplpishprpl 

30-31 

IRM  P.nrp 

51 

52 

ihm.rnm/midrilpwarp/rnntpnt 

53 

ihm  rnm/miHHIpwarp/rnnnprt 

,54 

21 

21 

21 

39 

43 

11 

7 

46 

Drar.lp  dorp 

19 

46 

47 

46 

22 

Tripp  1  itp 

42 

VeriSioninc 

2J 

www.VpriSiQn.com 

Network  World  -  www.networkworId.eom 

3Com 

Network  Associates 

ADIC 

Nokia 

Airespace 

Nortel  Networks 

Allot  Communications 

Oracle  Corporation 

Avaya 

PatchLink  Corporation 

BMC 

Program  Deliverables 

Broadcom  Corporation 

Qwest  Communications 

CDW 

RADWARE 

Ceonex,  Inc. 

Redline  Networks 

Chantry  Networks 

Remedy 

Cisco  Systems,  Inc. 

Riverbed  Technology 

Computer  Associates 

RSA  Security  Inc. 

DuPont 

SBC 

EMC  Corp 

Schmidt's  LOGIN  GmbH 

Engenio 

Sprint 

Finisar  Corp 

SSH  Communications 

Groundwork 

Statscout  Pty  Ltd 

HP 

Texas  Instruments 

IBM 

Trend  Micro 

Imprivata 

TrendsMedia  Inc. 

Intel  Corporation 

Tripp  Lite 

IronPort  Systems 

VeriSign  Inc 

Juniper  Networks  Inc 

Verizon  Wireless  Broadband 

Lucent  Technologies 

Webroot 

Meru 

Xerox 

These  indexes  are  provided  as  a  reader  service.  Although  every 
effort  has  been  made  to  make  them  as  complete  as  possible,  the 
publisher  does  not  assume  liability  for  errors  or  omissions, 
indicates  Regional  Demographic 


NetworkWbftf 

Events  and  Executive  Forums 


Network  World  Events  and  Executive 
Forums  produces  educational  events 
and  executive  forums  worldwide, 
including  our  one  day  Technology  Tours, 
customized  on-site  training,  and  executive  forums  such  as  DEMO®, 
DEMOmobile®,  and  VORTEX,  as  well  as  the  DEMOietter  and  VORTEX 
Digest  newsletters.  For  complete  information  on  our  current  seminar 
offerings,  call  us  at  800-6434668  or  go  to  www.networkworld.com/events, 


Publicize  your  press  coverage  in 
Network  World  by  ordering  reprints  of 
your  editorial  mentions.  Reprints 
make  great  marketing  materials  and 
are  available  in  quantities  of  500  and 
up.  To  order,  contact  Reprint 
Management  Services  at  (717)  399- 
1900  x128  or  E-mail:  networkworld@reprintbuyer.com. 


MI 


49 


www.networkworld.com 


Hews 


5/30/05 


NetworkWorld 


Outsourcing 

continued  from  page  1 

being  reevaluated,  says  Bruce 
Guptill,  managing  director  at  con¬ 
sulting  firm  Saugatuck 
Technology 

“The  old-school  value  percep¬ 
tion  was  pretty  much,  ‘Let’s  out¬ 
source  IT  because  it’s  not  our 
business’  The  new-school  value 
perception  is  more,  ‘Let’s  keep,  or 
increase,  the  internal  IT  that  pro¬ 
vides  us  with  unique  business 
advantage,  and  outsource  what’s 
not  part  of  our  core  business  pro¬ 
cesses,”’  he  says. 

In  some  cases,  the  reevaluation 
is  resulting  in  corporations  re¬ 
treating  on  their  outsourcing 
plans.  A  study  earlier  this  year  by 
Deloitte  Consulting  of  25  large 
organizations  with  a  combined 
$50  billion  in  outsourcing  con¬ 
tracts  found  that  one  in  four  com¬ 
panies  had  brought  outsourced 
functions  back  in-house. 

Not  that  some  huge  outsourcing 
deals  aren’t  thriving.  For  example, 
a  10-year,  $3  billion  managed  ser¬ 
vices  contract  between  HP  and 
The  Procter  &  Gamble  Consigned 
in  2003,  is  still  going  strong. 

“We  share  the  same  goal:  trans¬ 
formation;  not  cost  cutting,”  says 
Joe  Hogan,  vice  president  of  HP 
managed  services. 

Companies  use  outsourcers  but 
on  a  more-selective  basis,  analysts 
say  The  vendors  involved  are 
expanding.  In  addition  to  compa¬ 
nies  such  as  IBM,  HP  Electronic 
Data  Systems  and  CSC,  smaller 
vendors,  such  as  Perot  Systems, 
ACS  and  Hewitt  Associates,  are 
getting  involved,  analysts  say 

There’s  a  trend  toward  using 
multiple  service  providers  — 
such  as  one  for  the  network,  one 
for  operating  servers  in  data  cen¬ 
ter  environments,  and  one  for 
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Outsourcing  undone 


The  cancellation  of  a  few  outsourcing  mega-deals  over  the  last  several  months  suggests  a  shift  in  corporate  IT  services 
procurement  strategies  toward  smaller,  more  focused  contracts. 


Customer 

Outsourcer 

Value  of  deal 

Deal  announced 

Deal  canceled 

Cited  factors 

Sears,  Roebuck  and  Co. 

Computer 
Sciences  Corp. 

$1.6  billion  over  10  years 

June  2004 

May  2005 

Sears  claims  CSC  failed  to 
perfom  certain  obligations. 

JPMorgan  Chase 

IBM 

$5  billion  over  seven  years 

December  2002 

September  2004 

JPMorgan  Chase  merger  with 
Bank  One 

Dow  Chemical 

Electronic  Data 
Systems 

$1 .4  billion  over  seven  years 

December  2000 

ggg  mill 

July  2004 

Mutual  termination 

handling  the  help  desk,  says 
Lorrie  Scardino,  research  vice 
president  at  Gartner. 

“There  are  always  going  to  be  a 
handful  of  mega-deals  that  cap¬ 
ture  a  lot  of  press  because  they’re 
huge  and  involve  big  outsourcing 
companies  and  big  clients.  But 
we  also  see  more  selective  out¬ 
sourcing,”  Scardino  says. 

The  failure  of  certain  multibil- 
lion-dollar  mega-deals  has  cap¬ 
tured  a  lot  of  press  lately  including 
the  one  between  Sears  and  CSC. 
Then  there  was  JPMorgan  Chase 
last  fall  backing  off  a  $5  billion, 
seven-year  outsourcing  agree¬ 
ment  with  IBM,  but  stressing  that 
the  two  companies  remain  tech¬ 
nology  partners. 

“We  value  our  strong  relation¬ 
ship  with  IBM  and  we  will  contin¬ 
ue  to  partner  in  delivering  select¬ 
ed  technology  infrastructure  ser¬ 
vices  to  several  of  our  specific 
lines  of  business,”  said  Austin 
Adams,  JPMorgan  Chase’s  CIO. 

A  change  in  leadership  and  sig¬ 
nificant  organizational  change 
are  the  two  biggest  catalysts  that 
modify  an  IT  services  agreement. 
“We  often  see  companies  that 
have  gone  through  mergers  and 
acquisitions  either  increasing  the 
amount  of  outsourcing  or 
decreasing  the  amount  of  out¬ 
sourcing  and  bringing  things 
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back  in-house,”  Scardino  says. 

Shifting  corporate  agendas  also 
are  likely  to  change  a  number  of 
outsourcing  agreements  with  re¬ 
spect  to  duration,  scope  and  tech¬ 
nology  implementation  plans, 
says  Frank  Dzubeck,  president  of 
consulting  company  Communi¬ 
cations  Network  Architects. 

The  major  issue  is  the  effect  that 
business  transformation  efforts  — 
and  the  eventual  manifestation  of 
those  efforts  into  a  service-orient¬ 
ed  architecture  (SOA)  —  will 
have  on  outsourcing  agreements, 
Dzubeck  says. 

“If  any  company  in  the  midst  of 
one  of  these  agreements  decides 
to  start  to  do  a  business  transfor¬ 
mation,  where  they’re  looking  at 


IT  services  slide 

While  the  number  of  IT 
services  contracts  worth  at 
least  $1  million  with  msgor 
vendors  is  on  the  rise. . . 


. . .  the  total  value  of  those 
contracts  has  fallen  by 
13.7%. 


. . .  and  the  average  size  of 
the  contracts  has  dropped 
by  18%. 
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the  company  itself  and  how  it 
does  business,  and  then  works  its 
way  toward  an  SOA,  that’s  going  to 
modify  all  these  agreements,”  he 
says.  “The  agreements  are  very 
legacy-oriented,  and  now  you 
have  to  modify  them  to  bring  the 
legacy  into  the  new  architectures.” 

At  the  same  time,  technology 
advances  are  paving  the  way  for 
more  creative  use  of  IT  out¬ 
sourcers,  analysts  say 

“It’s  easier  and  cheaper  than 
ever  to  build,  and  buy  and  rent  IT 
on  a  functional  basis,”  Saugatuck’s 
Guptill  says.  “CIOs  don’t  have  to 
outsource  everything,  or  even 
most  of  everything,  in  order  to  get 
the  economies  they  want  or  need. 
They  now  have  more  tools,  and 
better,  more  affordable  skills  and 
resources  to  manage  the  melange 
of  technologies  and  applications.” 

That  makes  it  increasingly 
important  for  corporate  end 
users  to  have  a  clear  idea  of  their 
goals,  and  their  exit  strategies, 
when  entering  into  outsourcing 
arrangements. 

Sears  and  CSC,  as  an  example, 
are  in  litigation  after  Sears  killed 
the  10-year,  $1.6  billion  technolo¬ 
gy  services  agreement  less  than  a 
year  after  announcing  the  mega¬ 
deal.  Sears,  which  declined  to 
comment  for  this  story  said  in  a 
Securities  and  Exchange  Com¬ 
mission  filing  that  CSC’s  failure  to 
perform  resulted  in  the  termina¬ 
tion.  CSC  dismisses  the  allegation, 
calling  it  an  attempt  by  Sears  to 
avoid  or  reduce  termination  fees 
of  tens  of  millions  of  dollars,  as 
well  as  a  breach  of  agreement. 

“It’s  a  classic  example  of  how 
difficult  it  can  be  both  financially 
as  well  as  operationally  to  extri¬ 
cate  yourself  from  a  mega  out¬ 
sourcing  deal,”  says  Jeff  Kaplan, 
managing  director  of  Think- 
strategies.  “It  highlights  the  need 
to  make  sure,  right  up  front,  that 
the  rules  of  engagement  are  not 
only  clearly  spelled  out  from  the 
point  of  view  of  how  you’re  going 
to  enter  the  outsourcing  agree¬ 
ment  but  also  from  the  point  of 
view  of  how  you  might  have  to 
extricate  yourself  or  exit  the 
agreement  later  on.”M 


DHS  falls 
short  on 
cyberduties 

■  BY  GRANT  GROSS 

The  U.S.  Department  of 
Homeland  Security  has  failed  to 
fulfill  the  cybersecurity  responsi¬ 
bilities  it  has  been  assigned 
since  its  creation  in  January 
2003,  according  to  a  government 
report  released  last  week. 

DHS  has  not  created  national 
cyber  vulnerability  assessments 
or  government  and  industry 
recovery  plans  for  cyberattacks, 
according  to  the  report,  issued 
by  the  Government  Account¬ 
ability  Office  (GAO). The  agency 
has  “not  fully  addressed  any”  of 
its  13  key  cybersecurity  areas,  the 
GAO  report  says. 

Cyberattacks  are  becoming 
more  likely  to  threaten  vital 
national  infrastructure,  the 
report  says,  and  the  tools  to 
launch  cyberattacks  are  becom¬ 
ing  easier  to  find. 

DHS  needs  to  address  several 
challenges,  including  more  orga¬ 
nizational  stability  in  its  National 
Cyber  Security  Division,  better 
awareness  of  its  cybersecurity 
roles,  and  better  partnerships 
with  private  industry  the  GAO 
report  said.  “Until  it  confronts 
and  resolves  these  underlying 
challenges  and  implements  its 
plans,  DHS  will  have  difficulty 
achieving  significant  results  in 
strengthening  the  cybersecurity 
of  our  critical  infrastructure,”  the 
report  says. 

DHS  disagreed  with  the  report’s 
“overall  conclusion,”  although 
the  agency  agrees  that  it  has 
many  cybersecurity  challenges, 
a  spokesman  says.  Among  DHS’s 
responsibilities:  identifying  and 
assessing  cyberthreats  and  pro¬ 
moting  cybersecurity  awareness. 

Gross  is  a  correspondent  tuith 
the  IDG  News  Service 
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Mark  Gibbs 


Shameful  engineering 


ay  you  purchase  a  car.  A  really 
nice-looking  car  with  lots  of 
cool  features  and  accessories. 
The  first  time  you  take  it  on  the  free¬ 
way  you  get  the  car  up  to  65  mph 
and  switch  on  the  windshield  wipers. 
But  much  to  your  surprise  the  wipers 
stop  working  after  a  few  minutes  and 
can’t  be  restarted  until  you  slow  down  to  30. 
Wouldn’t  you  have  some  choice  words  for  the  engi¬ 
neers  who  designed  and  tested  the  car?  Wouldn’t 
you  wonder  how  such  a  problem  could  occur? 

This  parallels  my  experiences  with  my  new  Mac  1 
wrote  about  last  week.  The  response  I  got  from  you 
has  been  overwhelming! 

There  are  those  who  sympathize  and  have  no  solu¬ 
tion,  and  then  three  other  groups  which  have 
thoughts  about  where  the  problem  lies.The  first 
group  says  the  problem  is  my  fault  —  I  should  have 
added  the  photos  in  batches.This  is  ridiculous. 

If  for  some  bizarre  reason  this  was  the  root  of  the 
problem,  why  didn’t  the  program  say, “Sorry  Mark,  but 
I  can  only  handle  8,000  image  files  at  a  time,  try 
again”?  Why  would  you  build  a  program  so  it  died 
rather  than  confessed  its  limitations?  That  would  be 
shameful  engineering. 

The  next  group  suggested:“Mark,you  must  be 
crazy  to  expect  a  consumer  application  like  iPhoto 


to  be  capable  of  handling  nearly  15,000  images.” 

This  is  similar  to  the  first  group,  but  now  it  isn’t  my 
fault.  So  let’s  consider  the  argument  that  iPhoto  is 
somehow  not  the  correct  quality  application  for  the 
number  and  volume  of  image  files  involved.  Loosely 
wrapped  I  may  be,  but  surely  the  design  and  engi¬ 
neering  of  a  showpiece  product  should  have  good 
error  handling.  Or  is  that  too  much  to  hope  for? 

The  number  of  files  was  frequently  cited  as  a 
problem.  So  let’s  say  iPhoto  can  handle  only  8,000 
photos  happilyAre  you  telling  me  the  software  engi¬ 
neers  at  Apple  didn’t  know  their  design  had  a  file 
limit?  If  there  is  a  known  limit  but  no  error  handling 
for  the  limit  being  exceeded,  it  would  be  shameful 
engineering. 

Many  responses  in  this  group  suggested  the  prob¬ 
lem  might  be  a  “bad”  image  file.  I  have  no  idea  how 
bad  an  image  file  would  have  to  be  to  crash 
halfway-decent  code,  but  short  of  some  kind  of 
thermonuclear  inclusion.it  seems  inconceivable 
that  Apple  wouldn’t  build  in  a  routine  to  catch  the 
problem. 

OK,  let’s  say  the  problem  is  an  emergent  attribute 
of  the  design;  that  is,  it  appears  as  a  consequence  of 
a  number  of  implementation  decisions  and  isn’t 
something  that  can  be  identified  in  a  code  review. 
Then  if  they  didn’t  have  a  built-in  design  limitation 
and  couldn’t  identify  it  in  a  walk-through,  surely  the 
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problem  would  be  found  in  Quality  Assurance. 

If  Apple’s  Quality  Assurance  testing  didn’t  find  the 
problem,  again,  it  would  be  shameful  engineering. 

The  third  group  suggested  that  my  Mac  needs 
more  RAM.  Back  to  the  opening  analogy:“Ah,sir,but 
if  you  want  to  run  the  windshield  wiper  at  65  you 
need  a  bigger  engine.”  Sorry  that  is  just  as  crazy  a  jus¬ 
tification  as  the  others. 

According  to  reader  Chris  01son:“The  fix,  at  pre¬ 
sent,  is  to  use  more  than  one  iPhoto  Library  to  store 
your  images. . .  .To  do  this, simply  hold  down  the 
Option  key  on  your  keyboard  then  click  the  iPhoto 
icon  in  the  Dock  to  start  iPhoto.  You  will  be  greeted 
by  a  dialog  asking  you  to  create  a  new  library  or 
select  one  that’s  already  been  created.  Using  this  lit¬ 
tle-known  feature  you  can  store  photos  in  iPhoto 
until  you  run  out  of  disk  space.” 

If  that  is  true  (1  haven’t  had  time  to  test  this  one 
yet),  it  implies  that  there’s  a  major  conceptual  design 
flaw,  which  is  really  surprising. 

The  problem  is  that  until  Mr.  Jobs  gets  in  touch  and 
lets  me  know  what  the  real  reason  is  for  iPhoto’s 
problems,  there’s  only  one  conclusion  we  can  put  it 
down  to:  shameful  engineering. 

Send  your  shameless  feedback  to  backspin@ 
gibbs.com.  Psst.  Gearblog  (www.networkworld.com/ 
weblogs  /gearblog). 
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By  Paul  McNamara 


Today's  forecast  Tough  sell 

Many  network  professionals  would  just 
as  soon  squash  WeatherBug  under  the 
sole  of  a  heavy  work  boot  as  remove  yet  another  unauthorized  copy  of  the  appli¬ 
cation  from  yet  another  desktop. 

So  what  was  the  company  that  makes  WeatherBug  doing  with  a  booth  smack- 
dab  in  the  middle  of  the  show  floor  at  the  recent  Interop  conference  in  Las  Vegas? 

Taking  its  fight  directly  to  the  enemy  (my  word,  not  theirs). 

WeatherBug's  message?  Not  only  is  our  application  not  the  nuisance  many 
make  it  out  to  be  —  neither  spyware,  adware  nor  a  resource  hog  —  but 
WeatherBug  should  be  welcomed  onto  corporate  networks  as  a  genuine  busi¬ 
ness  tool. Toward  that  end,  WeatherBug  has  developed  an  enterprise  version  of 
its  popular  free  desktop  application,  which  the  company  hopes  will  open  doors 
into  IT  departments  that  haven’t  exactly  embraced  the  downloadable  version. 

Founded  in  1992,  WeatherBug  operates  a  weather- monitoring  network  of  8,000 
tracking  stations  and  more  than  1,000  cameras  located  at  schools,  public  safety 
facilities  andTV  stations.The  desktop  app  has  been  around  for  five  years. 

"The  enterprise  model  allows  you  to  distribute  the  software  via  applications  like 
Microsoft  SMS  and  control  access,"  says  Chris  Sloop,  CTO  and  a  founder  of 
WeatherBug.  “It  is  advertising-free.” 

So  how  was  the  company’s  pitch  received  at  Interop? 

“I  thought  it  was  great,"  Sloop  says  .  “A  wide  range  of  people  stopped  by  and 
they  listened  to  what  we  had  to  say.” 

Which  isn’t  to  say  everyone  was  buying  their  rap.  The  WeatherBug  team  knows 
it  has  yet  to  persuade  everyone  in  IT  that  its  app  is  benign  at  worst  and  an  asset 
at  best.  (They  could  start  with  my  colleague  in  Network  World's  IT  department, 
who  when  asked  for  his  thoughts  about  WeatherBug  chewed  my  ear  off  for  45 
minutes.  His  beef  in  a  nutshell:  WeatherBug  has  no  meaningful  purpose  on  a  typi¬ 


cal  business  desktop,  and,  much  like  any  unauthorized  application,  consumes 
resources  unnecessarily  and  runs  the  risk  of  causing  unanticipated  trouble.) 

WeatherBug  isn’t  claiming  it's  for  everyone  in  every  organization.  And  you  can 
read  all  you  want  about  the  company’s  counterpoints  to  various  criticisms  at 
www.networkworld.com,  DocFinder:  7332. 

Convincing  corporations  that  desktop  weather  alerts  are  a  business  tool  may 
prove  the  toughest  sell  of  all.The  company  distributed  a  flier  at  the  show  head¬ 
lined:  "Q&A  . .  .Why  Should  IT  Professionals  Care  About  WeatherBug?" 

"WeatherBug  helps  IT  professionals  protect  their  IT  infrastructure  by  alerting 
them  when  severe  weather  is  coming  like  high  winds,  thunderstorms,  ice  storms, 
heavy  rain  and  lightning.  In  addition,  company  employees  benefit  from  the  access 
to  live  local  weather  and  traffic  information  for  commuting,  planning  business 
travel  and  monitoring  conditions  at  home  or  at  kids'  schools.” 

Of  course,  there  is  some  relatively  small  subset  of  the  workforce  —  IT  or  other¬ 
wise  —  that  truly  needs  real-time  weather  information. 

The  rest  of  us,  it  would  seem,  should  be  content  to  point  our  browsers  at  any  of 
the  countless  Web  sites  that  provide  weather  data.  Or  maybe  look  out  the  window. 

Distributed  DoS  extortion,  continued 

Last  week  we  explored  the  growing  phenomenon  of  extortionists  threatening 
corporations  with  distributed  denial-of-service  attacks.  Not  only  are  more  such 
attacks  happening,  more  victims  are  paying  up  —  and  clamming  up  about  it. 

Any  list  of  countermeasures,  I  suggested,  should  include  a  legal  mandate  to 
report  an  extortion  attempt  to  law  enforcement  and  a  prohibition  against  paying 
criminals  to  leave  your  network  alone. 

I  also  suggested  that  Congress  is  unlikely  to  do  either. 

But  now  you  have  a  chance  to  vote.  If  you’re  interested  in  answering  our  quick 
two-question  poll  about  this  extortion,  point  your  browser  to  DocFinder:  7340. 

Or  you  can  write  to  me  directly,  of  course.  The  address  is  buzz@nww.com. 
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nilVH  IBM  Tivoli  IT  Service  Management  can  streamline  your  IT  operations.  It's  THE  MOST  COMPLETE  END-TO-END  MIDDLEWARE  SOLUTION 
UiiiiiS  THAT  DELIVERS  TIGHT  INTEGRATION  between  technology,  processes  and  people,  while  boosting  the  availability  and  etficiency  ot  your  IT 
services.  Its  automation  tools  can  help  minimize  time  and  labor  costs,  while  modular  construction  means  it’s  a  solution  that  can  grow  easily  with  your  business. 

DISCOVER  A  BETTER  WAY  TO  MANAGE  THE  BUSINESS  OF  IT  AT  IBM.COM/MIDDLEWARE/MGMT 


IBM.  the  IBM  logo  and  Tivoli  are  registered  trademarks  01  trademarks  of  International  Business  Machines  Cor  poration  in  the  United  States  and/or  other  countries  .?005  IBM  Corporation.  All  rights  reserved 
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Digital  audio.  Video.  Records.  Documents.  Whatever  form  your  information  takes,  IBM  HAS  AN  INFORMATION 
aiUaiil  MANAGEMENT  SOLUTION  THAT  CAN  BE  TAILORED  SPECIFICALLY  FOR  YOU.  Based  on  open  standards,  IBM 
Content  Management  middleware,  part  of  the  IBM  Information  Management  family,  allows  content  to  work  together  seamlessly,  so  employees  can  quickly  get  the 
right  information  at  the  right  time.  Affordable  to  acquire  and  to  manage,  its  modular  construction  means  a  solution  that  can  grow  easily  with  your  business. 
Discover  what  else  IBM  Content  Management  can  do  lor  yon.  V|S|T  ibm.COM/MIDDLEWARE/CONTENT 


Content  Management 
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rfmmmmm  IBM  WebSphere  middleware  is  the  easy,  affordable  way  to  integrate  a  multitude  of  applications.  In  fact,  you  can  CONNECT  MY 
APPLICATION  ON  ANY  PLATFORM  WITH  OPEN  STANDARDS-BASED  IBM  MIDDLEWARE,  Only  IBM  has  years  of  proven,  trusted 
experience  helping  customers  build  composite  applications.  The  open  standards  answer  to  complex  application,  platform  and  IT  infrastructure  combinations, 
IBM  WebSphere  lets  you  re-use  your  existing  IT  investments.  Imagine  increasing  efficiencies  and  making  your  business  more  flexible. 


SEE  HOW  AT  IBM.COM/MIDDLEWARE/CONNECT 
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IBM  MIDDLEWARE  HAS  AN  EASIER,  BETTER  WAY  TO  DO  BUSINESS.  IBM®  Workplace™  solutions.  Everything  you > 
top  of  your  business  is  in  one  easy-to-use  environment.  It’s  a  breeze  to  use  because  it’s  based  on  your  role  Work  ,-tcr 


TO  LEARN  MORE,  VISIT  IBM.COM/MIDDLEWAR 
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